Until 2019, TikTok used an additional layer of encryption for monitoring android users using their device’s MAC address, which bypassed Google policy and allowed users, not to opt-out of it, reports The Wall Street Journal. This form of monitoring, by its study, was also not told to Users.
A study found that the secret monitoring stopped in November when the company’s U.S. scrutiny dialled up at least 15 months after TikTok had acquired the fixed identifier without the user’s knowledge.
A MAC address is a unique identification number assigned to a device when linked to the Internet. This can be used to track an individual and ad targeting purposes.
TikTok seems to have used a known Android vulnerability to gather MAC addresses of users that Google has not yet patched, as per The Wall Street Journal.
A TikTok Representative has not denied or answered questions Tech Crunch have sent in their report.
If TikTok was hiding its the monitoring of MAC address from users, it is hard to say what the legal reason would be — will probably not be acceptable. There could be significant fines in respect of violations of GDPR (France’s, CNIL slapped Google under the same law last year with a $57 million fine).
“If Google is telling users they won’t be tracked without their consent and knowingly allows apps like TikTok to break its rules by collecting persistent identifiers, potentially in violation of our children’s privacy laws, they’ve got some explaining to do,” Senator Josh Hawley (R-MO) Said. He also added that Google should ban Tiktok from Google Play Store.
Tech Crunch Reached Out Google for Comment on this matter.