From PC Mag: TikTok reportedly found a loophole in Google's Android OS that allowed the app to collect data from millions of mobile devices and track users online without consent.
Hidden beneath an "unusual" layer of added encryption, the tactic, according to The Wall Street Journal, granted access to media access control (MAC) addresses—unique identifiers often used in digital advertising. Unchanging and inalterable, MAC addresses make it easy for firms to build consumer profiles that folks can't easily opt out of.
TikTok, which recently claimed it collects less personal data than Facebook or Google, allegedly stockpiled MAC addresses for at least 15 months, ending in November 2019, when parent company ByteDance Ltd. came under scrutiny by the US government. Each time the social network was installed and opened on a new device, advertising identifiers (including MAC addresses) were bundled with other device data and sent to Beijing-based ByteDance.
"Like our peers, we constantly update our app to keep up with evolving security challenges," a company spokesperson told WSJ, assuring users that "the current version of TikTok does not collect MAC addresses." Google, meanwhile, is investigating these findings. Neither firm immediately responded to PCMag's request for comment.
View: Full Article
