Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
TikTok used Android loophole to collect MAC addresses without user consent
#1
Information 
Quote:TikTok has come under scrutiny in recent weeks due to security issues for its allegedly close ties with the Chinese government and for stealing user data and passing it on to China. However, there was no concrete proof of any wrongdoing on TikTok's part so far. A Wall Street Journal analysis has discovered that TikTok violated Google Play's guidelines in the past and collected the MAC addresses of Android devices to track users online.
 
The company used an exploit in Android OS to collect and track the MAC addresses of Android devices. The MAC address is a 12-digit "address" of a mobile device that connects to the internet. MAC addresses are useful for advertisers since they are permanent which allows them to track a device across the internet and build a consumer behavior profile based on that. TikTok collected this data for at least 15 months until an update released on November 18 last year. The app used to automatically send the MAC address along with the device identifier to ByteDance servers when it was first launched on an Android device.
 
Google Play Store policies forbid apps from collecting "persistent device identifiers" like MAC addresses without explicit user consent. The policy has been into effect since at least 2015. The analysis by WSJ shows that apart from MAC addresses, TikTok was not collecting any unusual amount of user information, and whatever data was collected, they were all disclosed in its privacy policy.
 
However, the company went to great lengths to hide the collected data by wrapping them in an additional layer of custom encryption. This "obfuscation of this data makes it harder to determine what it’s doing" as per Nathan Good, a researcher at the International Digital Accountability Council. Marc Rogers, VP of cybersecurity strategy at Okta. Inc, believes that TikTok could be doing this to "bypass detection by Apple or Google because if Apple or Google saw them passing those identifiers back they would almost certainly reject the app."
 
A TikTok spokesperson said that the "current version of TikTok does not collect MAC addresses." WSJ also reached out to Google for a comment which said that is investigating the matter.

Source: Wall Street Journal

Source: https://www.neowin.net/news/tiktok-used-...er-consent
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>