For more than a year, TikTok collected MAC addresses of Android users in secret, hidding the entire practice as they did so. The details, discovered by The Wall Street Journal (WSJ), allowed the app to track people, and they made a point of hiding this practice by adding a layer of encryption, and didn't inform users, which may have been in violation of Google's own policies.
A MAC address, or Media Access Control, is unique to a hardware device. Flip over the back of some products, and you'll often see MAC on the back. And while that sounds like something that would be part of Apple's catalog, it's not. That's the number that's assigned to your product whether that's an iPhone or a Google Home Hub. And being able to track a MAC address is valuable — it means being able to track your very specific device.
TikTok reportedly stopped this practice in November 2019, but by then had been collecting data for 15 months, minimum. And they had not told people they were tracking this information, nor allow them to opt-out — which Google requires. Apps do track users, it's the key way they can send advertising pushes, for example.
But TikTok has been caught crossing the line in the past as well, including copying data that people paste into their iPhone clipboard. That practice, which other apps from LinkedIn to Reddit were doing as well, has reportedly stopped.
TikTok is under threat of being banned by the White House, as the company is owned by a Chinese group, ByteDance Ltd, and the White House has said it is concerned that data collected by the app could be shared with the Chinese government.
While TikTok says the app no longer tracks Mac addresses, the flaw the app used to collect this information is still not fixed, the WSJ reports.