TikTok's Android app, as discovered in an investigation of Wall Street Journal on Tuesday, collected users' Mac addresses for 18 months in breach of platform rules. The addresses would have served as the unique identification of each device for each user , making them valuable both for publicity and for potentially invasive forms of tracking.
By 2015, the collection of MAC adresses was prohibited by both the App Store and Google Play Store, but TikTok was still in a position to obtain the identifier via a loophole. A survey quoted in the journal found that almost 350 apps used a similar loophole in the Google Play Store, usually for publicity purposes.
In November of last year, TikTok discontinued its practice, a change in the policy that the Journal attributes to increased Washington political pressure.
The disclosure comes at a sensitive time for TikTok, which faces difficult questions from the White House about the level of access to US user data for its Chinese parent company. The White House issued an Executive Order, beginning 20 September, last week to shut down all U.S. transactions with the Company, unless it can complete its US sales by then. The company is currently in discussions with Microsoft, but the extent to which the deal will go is unclear.
The results of the Journal are contradictory to TikTok's best argument that the system collects nothing more data than a standard mobile app. The collection of MAC addresses is one of the most invasive forms of the practice, although it is often used for ad tracking.
TikTok was not available for comment immediately.