- TikTok collected data from Android users for at least a year in apparent violation of Google’s policies, The Wall Street Journal reported Tuesday.
- The app tracked users’ MAC addresses, an identifier unique to every smartphone that would allow TikTok to track users even if they tightened their privacy settings, according to the report.
- Google and Apple have both banned apps from collecting MAC addresses, but researchers told The Wall Street Journal that TikTok did so until November last year by exploiting a bug.
- TikTok told The Journal that it doesn’t currently collect the information, and Google told Business Insider it’s “investigating these claims.”
- The report follows President Donald Trump’s executive order last week that aims to ban American companies from doing business with TikTok’s parent company, ByteDance, which would effectively halt its US operations.
TikTok surreptitiously collected information from users’ Android smartphones without their consent, an apparent violation of Google’s app store policies, The Wall Street Journal reported Tuesday.
The app logged users’ MAC addresses — unique digital identifiers attached to all smartphones that cannot be reset — allowing TikTok parent company ByteDance to track people even if they changed their privacy settings to opt out of certain ad-tracking practices, The Wall Street Journal found.
TikTok installs from the Google Play store in the US currently total around 89 million, according to app analytics firm Sensor Tower.
The Journal’s analysis, which was based on a past version of TikTok, found that the app collected MAC addresses for at least 15 months, but ended the practice with an update to the app last November.
“We are committed to protecting the privacy and safety of the TikTok community. We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses,” a TikTok spokesperson told Business Insider. “We always encourage our users to download the most current version of TikTok.”
Google banned app developers from collecting users’ MAC addresses in 2015, while Apple did the same two years earlier. But smartphone security experts told The Wall Street Journal that TikTok circumvented the policy by exploiting a bug and hid its tracks with an atypical extra layer of encryption.
“We’re investigating these claims,” a Google spokesperson told Business Insider, while declining to comment specifically on the bug that TikTok reportedly exploited.
The Wall Street Journal’s report comes on the heels of President Donald Trump’s executive order Thursday seeking to ban TikTok from operating in the US by prohibiting American companies from doing business with ByteDance. Trump issued a similar order aimed at messaging app WeChat, which is owned by Chinese tech giant Tencent.
Trump’s orders cited concerns about the apps’ ownership by China-based firms, claiming that both are subject to pressure from the Chinese government that could force them to censor content it finds objectionable or help it spy on Americans using data collected by the apps.
“We have never given any US user data to the Chinese government nor would we do so if asked,” TikTok’s spokesperson told Business Insider.
Experts told Business Insider’s Isobel Asher Hamilton that TikTok is no more intrusive in its data collection practices than competitors like Facebook, and the CIA has reportedly told the White House that there is “no evidence” that the Chinese government has accessed American user data from TikTok.
Experts have also expressed doubt about the legality of Trump’s orders, arguing they violate the First Amendment’s ban on government censorship. TikTok reportedly plans to challenge the order in court as early as this week.