TikTok’s Android app collected users’ MAC addresses for 18 months in violation of the platform rules, as discovered by a Wall Street Journal investigation on Tuesday. The addresses would have served as a unique identifier for each user’s device, making them valuable for both advertising and potentially more invasive forms of tracking.
Both the iOS App Store and the Google Play Store had banned the collection of MAC addresses as a matter of policy by 2015.
But TikTok is not the only app doing this. The Wall Street Journal study found almost 350 apps on the Google Play Store that had taken advantage of a similar loophole, usually for ad-targeting.
The Wall Street Journal reports that TikTok stopped this practice last November and attributed this shift in policy to the mounting political pressure from the US.
A revelation like this comes at a time when TikTok is facing some very tough questions from the Trump administration over its parent company ByteDance’s level of access to US user data and this could be crucial.
The White House cut off all US transactions with ByteDance, via an executive order issued last week, beginning September 20 if the company is unable to complete the sales of its US operations by that time.
ByteDance is currently in talks with Microsoft for the deal but reports state that it could take more time than anticipated, which just might frustrate the Trump administration.
The Wall Street Journal revelation goes against TikTok’s argument that the system does not collect any more data than a standard mobile app. When it comes to collecting user data, collecting MAC addresses is mostly done for ad tracking, but it is one of the more invasive forms of the practice.
TikTok told The Verge that they had discontinued the practice and mentioned that the current version of the app does not collect MAC addresses.