Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on August 12, 2020

TikTok’s older version collected device identification data, violating Google’s app store policy


TikTok’s older version collected device identification data, violating Google’s app store policy Image by: Kon karampelas/Unsplash

TikTok has faced a lot of scrutiny for its data collection practices. It’s one of the many reasons why the app might get banned in the US. And a new privacy issue will not help its cause. The app’s older Android version collected MAC addresses of devices — a practice banned by Google.

An investigation from the Wall Street Journal revealed that the company gathered users’ device MAC addresses without informing them, or even Google. The report notes that the short video app collected this data for 15 months, up until last November when an app update was released.

TikTok also used an additional layer of encryption to mask the data it captured. It’s standard practice to apply encryption on your internet traffic to prevent snooping. However, the additional customer layer applied by the short video app was unusual and didn’t have any visible security benefits.

[Read: Apple clashes with Microsoft, Google, and Facebook over cloud gaming]

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

Companies collect MAC addresses or similar identifiers to get more data about their customers for targeted advertisements. Because hardware MAC addresses don’t change over time, it helps advertisers recognize an individual and their habits quickly.

Google forbids developers from collecting persistent identifiers such as MAC addresses or IMEI numbers to use with Advertising ID (an identifier used in Android for ad-tracking). The company banned this practice in 2015. A study published in 2018 from analytics firm AppCensus suggested that nearly 1.4% of Android apps collected MAC addresses.

In a statement, TikTok said its current version of the app doesn’t collect MAC addresses:

We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses. We always encourage our users to download the most current version of TikTok.

In his executive order to bar US firms’ transactions with the app, President Donald Trump accused the app of collecting “vast swaths of information from its users.” This new revelation of the app’s sneaky data collection practice might give Trump & Co. one more reason to block TikTok. Microsoft, which’s leading the race to acquire the app, might also have its work cut out in convincing the government to approve the deal. 

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with