As the fate of TikTok now possibly lies in the hands of Twitter following the popular app's reported executive order ban in the U.S. by the Trump Administration, it now looks like people may find a whole other reason to shy away from the social media platform thanks to a recently discovered data breach for Android users.

TikTok Collecting Data Android App Google Violation
Image: Justin Sullivan/Getty Images

A report from The Wall Street Journal details how TikTok stored device-specific addresses through its Android app for a period of at least 15 months between 2018 and 2019 using Media Access Control, or in other words "MAC" addresses. Unfortunately, the Google Play Developer Policy Center strictly prohibits practices like this in its policy, which states an app's advertising identifier "must not be connected to personally-identifiable information or associated with any persistent device identifier without explicit consent of the user.” The device identifiers in this case are the MAC addresses, which TikTok tracked without notifying users and giving them the choice to opt out. In fact, the app used an additional layer of encryption described as "unusual" to collect user data and transmit it back to its servers while concealing the fact it was tracking all along.

TikTok issued the following statement in response to these claims:

“Under the leadership of our Chief Information Security Officer (CISO) Roland Cloutier, who has decades of experience in law enforcement and the financial services industry, we are committed to protecting the privacy and safety of the TikTok community. We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses. We have never given any U.S. user data to the Chinese government nor would we do so if asked.”

Originally done for advertising purposes reportedly, WSJ says TikTok stopped collecting MAC addresses in November 2019.

Does this make you Android users out there distrust TikTok a little more after possibly having your data breached last year? Let us know your thoughts down below in the comments.

[via]