IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

TikTok accused of using Android loophole to track users

The company reportedly went against Google Play's guidelines to collect and track users’ MAC addresses

Smartphone with TikTok opening screen on it in front of an American flag

TikTok allegedly exploited an Android loophole to collect the MAC addresses of devices to track users online, according to a new analysis by The Wall Street Journal.

The popular video-sharing platform is accused of violating Google Play's guidelines and taking advantage of a loophole in Android in order to collect and track users’ MAC addresses - the 12-digit combination which connects a mobile device to the internet.

They are especially useful to advertisers because of their permanent nature, making it possible to track the behaviour of a user and build a profile based on their habits.

The Google Play Store banned apps from collecting “persistent device identifiers”, such as MAC addresses, without explicit user consent in 2015.

However, TikTok allegedly collected the data between 2018 and November 2019, when it released an update to its app. The Wall Street Journal estimates that it tracked users’ MAC addresses for at least 15 months, sending the collected data to its parent company ByteDance’s servers.

In spite of this, the analysis found that TikTok had not collected any unusual amount of user information and said it managed to disclose what data was being collected in its privacy policy.

In a statement given to IT Pro, TikTok said it is "committed to protecting the privacy and safety of the TikTok community

"We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses, the TikTok spokesperson added. "We have never given any US user data to the Chinese government nor would we do so if asked. We always encourage our users to download the most current version of TikTok." 

Google told The Wall Street Journal that it is currently investigating the matter.

The allegations could play a significant role in TikTok’s already-threatened presence in the US. Last week, Donald Trump signed an executive order against TikTok and WeChat amid concerns about security, government interference, and a growing trade war.

The order against TikTok claims that the platform threatens national security via the information it collects on users. TikTok said it was "shocked" by the order and would "pursue all remedies available," suggesting legal action may ensue. Until now, there was not much proof that TikTok was in any way tracking users’ data.

However, the analysis by The Wall Street Journal presents evidence which could significantly weigh on the company’s future.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more
Mobile

Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more

23 Jun 2022
Qualcomm and Mediatek flaws left millions of Android users at risk
Security

Qualcomm and Mediatek flaws left millions of Android users at risk

22 Apr 2022
Google will cull out-of-date Play store apps in bid to improve Android security
Google Android

Google will cull out-of-date Play store apps in bid to improve Android security

7 Apr 2022
Businesses on alert as mobile malware surges 500%
mobile security

Businesses on alert as mobile malware surges 500%

10 Mar 2022

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022