The higher something goes, the stronger the wind it's going to face. TikTok is considered a young company, but it managed to reach, to then surpassed many others.
The company, and ByteDance that owns it, are already facing a lot of privacy and security questions raised by others as well as from the governments.
And this time, a report from a Wall Street Journal discovered that the social media's Android app was doing what's it wasn't supposed to do.
And that was collecting its users' MAC addresses.
This is a violation to Android rules, and TikTok is said that have done this for at least 18 months.
Both the iOS App Store and the Google Play Store had banned the collection of MAC addresses as a matter of policy since 2015. However, TikTok was able to obtain the identifier through a loophole found on Android.
The report said that TikTok stopped this practice in November 2019, and shifted its policy to the mounting political pressure from the U.S..
MAC addresses, or Media Access Control addresses, serve as unique identifiers for each user’s device. That identifier records a device on a network and is usually not changed.
This makes them very powerful for both advertising purposes and for other forms of tracking methods.
By tracking MAC addresses, companies could track installations across different accounts that occur on the same device, to then be able to link a person’s ID to a particular piece of hardware.
Because it's a violation to privacy, Google offers an alternative to collecting MAC addresses, by presenting an anonymized advertising ID that users can easily reset. There are also other techniques used for this “ID bridging” that don’t involve the MAC address.
The Wall Street Journal said that TikTok in collecting users MAC addresses goes against its own argument that said its system does not collect any more data than a standard mobile app.
TikTok got away because it concealed the method through an unusual added layer of encryption.
And makes it concerning, neither TikTok or ByteDance notified users, or give them a choice regarding the data collection.
When users first ran the app on a new device, TikTok bundled the MAC data with information including the semi-anonymous advertising ID used to track user behavior. While users can reset the advertising ID on a phone, they cannot change the MAC address.
TikTok didn't deny this allegation. TikTok removed its tracking with an update on November update in 2019. In a statement, the company said “the current version of TikTok does not collect MAC addresses.”
A revelation like this comes at a time when TikTok is facing some very tough questions from the U.S. President Donald Trump and his administration over its parent company ByteDance’s level of access to U.S. user data.
The U.S. concerns that data collected by the app could be used to help the Chinese government track U.S. government employees or contractors, TikTok has defended itself saying that it doesn’t share data with the Chinese government and wouldn’t do so if asked.
With the U.S. seeing TikTok as an enemy, this revelation adds just another reason for the U.S. government to block TikTok.
"As far as TikTok is concerned, we’re banning them from the United States," said U.S. President Trump of the hugely popular social network, which his administration considers a national security risk because of its Chinese ownership.
With its days in the U.S. numbered, TikTok is forced to sell its U.S. operations to an American company, if it doesn't want to be "out of business".
As the White House cuts off all U.S. transactions with ByteDance via an executive order, TikTok has until mid-September to decide whether or not it wants to continue its operations in the U.S..
In the meantime, ByteDance is in talks with Microsoft for the deal but reports state that it could take more time than anticipated.
It's also worth noting that TikTok is not the only app doing this. The Wall Street Journal study found almost 350 apps on the Google Play Store that had taken advantage of a similar loophole, usually for ad-targeting.
Further reading: How ByteDance Wants To Dominate, By Surpassing Facebook, Instagram And YouTube