TikTok skirted a privacy safeguard in Googleโs Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out, a Wall Street Journal analysis has found.
The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies limiting how apps track people and wasnโt disclosed to TikTok users. TikTok ended the practice in November, the Journalโs testing showed.
The findings come at a time when TikTokโs Beijing-based parent company, ByteDance Ltd., is under pressure from the White House over concerns that data collected by the app could be used to help the Chinese government track U.S. government employees or contractors. TikTok has said it doesnโt share data with the Chinese government and wouldnโt do so if asked.
The identifiers collected by TikTok, called MAC addresses, are most commonly used for advertising purposes. The White House has said it is worried that usersโ data could be obtained by the Chinese government and used to build detailed dossiers on individuals for blackmail or espionage.
TikTok, which said earlier this year that its app collects less personal data than U.S. companies such as Facebook Inc.ย FB,ย 1.84%ย and Alphabet Inc.โsย GOOGL,ย 1.94%ย GOOG,ย 1.91%ย Google, didnโt respond to detailed questions. In a statement, a spokesperson said the company is โcommitted to protecting the privacy and safety of the TikTok community. Like our peers, we constantly update our app to keep up with evolving security challenges.โ The company said โthe current version of TikTok does not collect MAC addresses.โ
