In recent past, TikTok had faced a lot of security issues for its alleged ties with the Chinese government. As per US government, TikTok offered user data to the Chinese government. At present, there was no evidence of TikTok doing what it was alleged. A journalist from Wall Street figured out that TikTok is breaching the Google Play’s guidelines and collecting the MAC addresses of Android devices.
TikTok utilized an exploit in the Android OS to track and collect the MAC addresses of the Android addresses. For those users who don’t know, MAC is 12 digit address of a mobile device that connects the device to the internet. MAC addresses of an Android are useful for the advertiser since they are permanent, which allows them to track a device across the web for building consumer behaviour. TikTok collected the user data for about 15 months until the Android update was released in November. The app used to send the users MAC addresses with the device identifier to ByteDance servers.
Therefore , TikTok’s team, went to great extent to conceal the fact of collecting data by covering it under ‘custom encryption’. Nathan Good, a researcher at the International Digital Accountability council, said:
“This obfuscation of this data makes it harder to determine what it’s doing. TikTok could be doing this to bypass detection by ‘Apple’ or ‘Google’ because if Apple or Google saw them passing those identifiers back they would almost certainly reject the app.”