CATEGORIES
home News

TikTok Caught Exploiting Google Security Vulnerability To Track Millions Of Android Users

by Shane McGlaunWednesday, August 12, 2020, 09:40 AM EDT
tiktok phone grass

The Chinese-owned social networking application TikTok has been the center of attention the last several weeks as President Trump has moved to ban the app and force the company to divest its United States operations. Many people sided with TikTok and were upset at President Trump for trying to take action against the social networking app. Now, however, TikTok has been busted for collecting identifiable user data from millions of Android users in direct violation of Google policies.

A Wall Street Journal report found that the application was collecting unique identifiers from millions of mobile devices that allow it to track users online without giving users the ability to opt-out. Mobile security experts say that the app concealed its tracking activity using "an unusual" added layer of encryption. The app for a long tie was collecting the MAC address of Android devices, but stopped collecting the data in November 2019.

When President Trump started talking about banning TikTok in the United States, he and his administration were worried that the application collected data on Americans that could potentially be used for blackmail or espionage. Google is investigating the findings and offered no comment on the method TikTok used to collect the information. TikTok says the current version of its app doesn't collect MAC addresses.

Mobile security firm AppCensus co-founder Joel Reardon said tracking the MAC address is a method for long-term tracking of users without giving them the ability to opt-out. The MAC address doesn't change unless the user buys a new device. Reardon noted that he sees no reason to collect MAC addresses other than user tracking.

The security vulnerability leveraged to collect MAC addresses was known to Google since last June and remains unpatched. The WSJ report claims that TikTok captured the information for at least 15 months and only ended the collection as it fell under increasing scrutiny from Washington.

The latest discovery isn't the first time TikTok was caught being shady. In June of this year, the app was reverse engineered and was described as a "data collection service" by the researcher behind the investigation. Both Microsoft and Twitter are reportedly in talks to purchase the U.S. operations of TikTok, but it's unclear if either will ultimately close a deal.

Tags:  Android, Google, security, (nasdaq:goog), tiktok, bytedance
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment