TikTok has been in hot waters in recent months, and new controversies continue to rise around the app as time passes. The app is already banned in several countries across the world, but a new report may lead to troublesome legal issues for the parent company.
According to a new report published by a popular news outlet, the app broke Google Play Store policies by collecting information from users without asking for their consent and used a sneaky trick to evade the security measures imposed by Google.
The app collected and stored the MAC address of devices on which it was installed. Since MAC addresses are unique identifiers that cannot be changed, TikTok parent company ByteDance was able to use them to track people even if they decided to refuse some ad-tracking practices.
An analytics firm has revealed that TikTok has been installed more than 89 million times from the Google Play Store in the US. MAC addresses were collected for at least 15 months before the practice was stopped when an update was released in November 2019, with the CEO of ByteDance encouraging people to keep their app updated.
Google banned app developers from collecting MAC addresses five years ago, while Apple imposed the rule since 2013. However, according to smartphone security experts, TikTok exploited a bug to gain access to MAC addresses, and an additional layer of encryption was used to hide evidence.
TikTok was banned in the US last week by an executive order signed by President Trump last week, which also bans WeChat. The executive order mentions that both apps pose a major security risk for US citizens since the owners of the app can be forced by the Chinese government to share user data.
Google has also announced that an investigation has been started but did not share any information about the exploited bug.
Willie Hahn, senior editor at The Trending Times, writes about the intersection between money and politics with a focus on lobbying and tech articles. Willie previously at the Android Authority and Vice. Willie can be reached by email.