TikTok is currently taking any and all means to distance itself from the Chinese government, and reports that it poses a threat to the data privacy of users.

A new report from the Wall Street Journal (paywall), however, suggests that TikTok did indeed infringe upon the privacy of users, and in particular, tracking of MAC addresses of Android devices.

For those unfamiliar, a media access control (MAC) address is used to provide a coded identifier for a mobile device on a specific network. It is also a practice that the Google Play Store expressly denies app’s from doing, but TikTok appears to have found a loophole to that measure, doing so for almost 15 months unnoticed.

It carried on for so long thanks to a detailed level of encryption which masked it from view for many security researchers.

As such, those initially unwarranted fears that TikTok would be utilising user data without permission, now have some credence.

As for how the social media app went about its workaround, the WSJ says its investigation found that the anonymised advertising IDs that the Play Store generates for devices, was used as a way in by TikTok. Those advertising IDs can be rest at any time by Android device users, but MAC addresses cannot, which makes this report rather concerning.

This ID bridging was reportedly ended in an update rolled out by TikTok in November of last year, with the company telling the WSJ that, “the current version of TikTok does not collect MAC addresses.”

Precisely why TikTok chose to track and collect MAC addresses in the first place is unclear, but given the company’s current plight, it does little to dispel the rumours that it could use data without the knowledge or consent of users.

[Source – The Wall Street Journal] [Image – Photo by Kon Karampelas on Unsplash]