MobileNews

Report: TikTok used loophole to collect MAC addresses on Android

At the start of this month, President Trump announced that the US would “close down” TikTok on September 15 unless it was acquired. Data privacy and security concerns have always shrouded the app, and a new report reveals one particular loophole that TikTok exploited on Android to collect MAC addresses. 

The today detailed how TikTok for Android “collected MAC addresses for at least 15 months, ending with an update released Nov. 18 of last year.”

In 2015, Google prohibited Android apps distributed through the Play Store from connecting “personally-identifiable information or associated with any persistent device identifier.” This includes MAC addresses and IMEIs.

However, TikTok leveraged a workaround that the describes as being “circuitous.” That identifier, a device’s advertising ID, and other data are sent to ByteDance the first time you open the app — before users can provide any consent. While the ad ID can be reset, there’s no real benefit if any new ones can be associated with an existing MAC address.

The MAC address is useful to advertising-driven apps because it can’t be reset or altered, allowing app makers and third-party analytics firms to build profiles of consumer behavior that persist through any privacy measure short of the owner getting a new phone.

Meanwhile, TikTok also leverages an “unusual added layer of encryption” to conceal collected data. Researchers quoted in today’s piece say there is no real security benefit. Rather, this practice makes it difficult for third-parties to examine what information is being transmitted and whether the social media app is following its stated privacy policy. 

The company said that the “current version of TikTok does not collect MAC addresses” but otherwise did not comment on its past practices. Meanwhile, Google said it’s examining today’s report. 


Check out the latest Samsung phones at great prices from Gizmofashion – our recommended retail partner.


Author: Abner Li.
Source: 9TO5Google

Related posts
AI & RoboticsNews

The show’s not over: 2024 sees big boost to AI investment

AI & RoboticsNews

AI on your smartphone? Hugging Face’s SmolLM2 brings powerful models to the palm of your hand

AI & RoboticsNews

Why multi-agent AI tackles complexities LLMs can’t

DefenseNews

US Army buys long-flying solar drones to watch over Pacific units

Sign up for our Newsletter and
stay informed!