An App in TikTok hid the gathering of device unique identifiers using an added layer of encryption.
TikTok has been collecting unique identifiers from millions of Android devices without their users’ knowledge, using a method that has been previously prohibited by Google, because it violated people’s privacy, latest research has discovered.
The app hid the practice, which can track users online without consent, with an addition layer of encryption, according to analysis by & a report in the Wall Street Journal (WSJ). TikTok, owned by Beijing-based parent company ByteDance Ltd., seems to have stopped the practice in Nov., outlines the report.
MAC addresses
Identifiers collected by TikTok are called ‘MAC addresses’, which are unique to a device, & used as its network address in a network segment. They are typically assigned by device manufacturers & are not usually changed or altered.
Because of this, they become valuable to companies & 3rd parties wishing to send targeted advertising to mobile device users, as they provide a unique insight into customer behaviour.
WSJ research found that TikTok collected MAC addresses for at least 15 months, ending with an update released Nov. 18, 2019.
The app bundled the MAC address with other device data & sent it to ByteDance upon the app’s first installation & opening on a new device, according to the report.
32-digit number
That data bundle also included the device’s advertising ID, which is a 32-digit number aimed at allowing advertisers to track consumer behaviour, while still allowing the user to maintain some degree of anonymity & control over their information, the WSJ observed.
Mobile apps collect various data on users for advertising purposes, which has always been a point of difficulty for privacy advocates.
Personalised Experience
Companies have defended this practice previously as helping them provide a ‘personalised experience’ for users.
TikTok is a very popular video-sharing app, particularly in the US. Its popularity has become even higher since the beginning of the pandemic in March, when stay-at-home orders were first started, & people began using social-media mobile apps much more than usual to stay in touch.
Critical Time
The WSJ’s finding is not the 1st time TikTok has been accused of ‘dodgy’ data-collection practices & come at a critical time in the investigation & scrutiny of these apps.
President Trump recently threatened to ban the app in the US, out of fear that it’s secretly collecting data on US government employees & contractors, to use in China’s cyber activities against the US.
His comments came when companies such as Microsoft, among others, were seeking to purchase the app, which would make it subject to US laws on privacy & data collection.
Security Flaws
TikTok has said it does not share data with the Chinese govt., & would not violate user privacy even if asked, observed the WSJ. However, many security experts have warned that because of the security flaws of the app & China’s stance on cyber-security, it is likely the Chinese govt. has access to whichever data the app does.
Not only has TikTok been targeting Android devices with its alleged ‘dodgy’ data-collection practices.
Apple iPhone
The app earlier was attacked because it read Apple iPhone users’ cut-and-paste data, which was found in Feb., & which TikTok’s owners promised the app would stop doing during March.
However, in late June, a new iPhone privacy feature in Apple iOS 14 that shows a banner alert to flag if a mobile app is pasting from the clipboard, seemed to show that the practice was still occurring.
