TikTok secretly collected users' MAC addresses: report

For story suggestions or custom animation requests, contact [email protected] Visit http://archive.nextanimationstudio.com to view News Direct's complete archive of 3D news animations.

RESTRICTIONS: Broadcast: NO USE JAPAN, NO USE TAIWAN Digital: NO USE JAPAN, NO USE TAIWAN
TikTok engaged in a banned data-collecting process that harvested highly personalized information from its users for more than a year, an investigation by the Wall Street Journal has found.

The popular short-video app owned by China's ByteDance collected MAC addresses, which are particularly useful for gathering identifying data on an individual and creating a highly personal user profile, because they are often hard-coded into a device.

TikTok collected users' MAC addresses for 18 months in violation of Google's rules until November of 2019, the Wall Street Journal found.

In 2013, Apple locked down MAC address access to third-party developers. Google followed suit in 2015 for devices running Android. Google also bans app developers from collecting identifying data without a user's consent.

TikTok circumvented these restrictions and concealed TikTok's tracking behind an "unusual added layer of encryption," according to the Wall Street Journal's report.

A 2018 study by AppCensus found that about 1 percent of Android apps were gathering MAC addresses, usually for advertising purposes.

What is unusual in TikTok's case is the extra steps it took to conceal its workaround, indicating that the company was purposefully collecting sensitive user data in secret.

TikTok did not respond to detailed questions from the Wall Street Journal. In a statement, a spokesperson said the company was "committed to protecting the privacy and safety of the TikTok community. Like our peers, we constantly update our app to keep up with evolving security challenges." The company said "the current version of TikTok does not collect MAC addresses."

RUNDOWN SHOWS:
1. Illustration of MAC and IP addresses
2. Why MAC addresses are useful for gathering identifying data on an individual
3. Google locked down MAC address access to third-party developers in 2015
4. TikTok circumvented these restrictions and concealed its tracking
5. A 2018 study found 1 percent of Android apps were gathering MAC addresses
6. TikTok took extra steps it took to conceal its workaround

VOICEOVER (in English):
"A MAC address — short for media access control address — is a globally unique identifier assigned to a device that can connect to the internet, unlike an IP address, which multiple devices may use to connect to the internet. If a MAC address is like a person's name, which is unique to them and doesn't change, an IP address is like an email address."

"Many devices have their MAC address hard-coded into the factory firmware. This means MAC addresses are particularly useful for collecting identifying data on an individual and creating a highly personal user profile, because they cannot be changed."

"In 2015, Google locked down MAC address access to third-party developers on Android phones. Google also bans app developers from collecting identifying data without a user's consent."

"TikTok circumvented these restrictions and concealed its tracking behind an 'unusual added layer of encryption,' according to the Wall Street Journal's report."

"A 2018 study by AppCensus found that about 1 percent of Android apps were gathering MAC addresses, usually for advertising purposes."

"What is unusual in TikTok's case is the extra steps it took to conceal its workaround, indicating that the company was purposefully collecting sensitive user data in secret. TikTok collected users' MAC addresses for 18 months in violation of Google's rules until November of 2019."

SOURCE: Wall Street Journal
https://www.wsj.com/articles/tiktok-tracked-user-data-using-tactic-banned-by-google-11597176738