Highlights – Tiktok
- The Android App have reportedly collected the MAC addresses of the users for at least 15 months
- The practice came into light through a journalistic investigation
- The use of the app was banned in India and US prior to the new report
Wall Street Journal investigation have uncovered the malpractice
The Android version of the Chinese video sharing social networking service TikTok is reported to have been using an overlaying encryption to disguise a plan to track the users by collecting the MAC address of their device which had violated the Google policies. An investigation led by the Wall Street journal said that TikTok had been continuing the practice for over 15 months until the latest version of the application came into existence last November.
The app is said to have exploited a loophole that had been prevailing in the Android. It is said to have gathered the fixed identifier without informing its users.
Responding to the reports
Tiktok did not contradict the fact of the matter. A statement sent by a TikTok spokeswomen asserted that the app has never shared the user’s data with the Chinese government. The statement read:
Under the leadership of our Chief Information Security Officer (CISO) Roland Cloutier, who has decades of experience in law enforcement and the financial services industry, we are committed to protecting the privacy and safety of the TikTok community. We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses. We have never given any TikTok user data to the Chinese government nor would we do so if asked.
Exploiting the loophole
Foreseeing the security danger in the iOS , Apple in 2013 had prevented third party developers from collecting MAC addresses of iPhone users. The practice was later followed by Google in 2015 and restricted Android apps in the Play store from collecting the users MAC addresses and IMEI numbers. TikTok is supposed to have acknowledged the flaw in the system and used a “more circuitous route”.
Wall Street Journal has conducted an inquiry into this and reported that more than 350 applications in the Google Play store have taken advantage of the loophole. Google is yet to respond to the news.
Earlier this week, the US posed a ban on the application citing security threats. India also banned TikTok last month.