TikTok, much like any other China-based tech company, has been at the receiving end of intense scrutiny from many countries with regards to its practices around user privacy and data collection. Now, a new report from the Wall Street Journal has uncovered that TikTok deployed a tactic to collect user data that was actually prohibited by Google across all Android mobile phones.
Both sides of the political aisle in the US, as well as India and other countries, have recently expressed concerns over how TikTok may be used for harvesting data of citizens and using it for purposes such as espionage.
With the recent WSJ report accusing TikTok of collecting such personal data, security concerns around using the app will likely increase.
While on one end, the talks of Microsoft acquiring TikTok became the talk of the town, on the other, the Trump administration signed an executive order to ban the app in the country and, if Microsoft does plan to acquire TikTok, they have to get the deal done by next month.
Diving into the details of the Wall Street Journal’s report, it was found that several mobile-security experts had unearthed TikTok’s sly tactic is concealed by a layer of encryption. The investigation said TikTok was collecting personal “identifiers” (MAC addresses) of users which helped the app to better track them. What’s more, this tactic prevents the users from fully opting out of being tracked all the time, even when not using the app.
“It’s a way of enabling long-term tracking of users without any ability to opt-out. I don’t see another reason to collect it,” says Joel Reardon, an assistant professor and the cofounder of AppCensus, Inc.
Ironically, earlier this year, TikTok said that it did not collect as much personal data as Big Tech companies such as Google or Facebook commonly do.