TikTok may have abused a privacy weakness in Google Android to collect mobile device identifiers from millions of users, according to an analysis by The Wall Street Journal.
This adds further pressure to a company which has already come under fire for collecting private user data in the US and India.
Although the company ended collecting user data in this manner back in November 2019, the analysis found that TikTok managed to get round a Google encryption layer violating the company’s policy.
By the time it shut down, it had been collecting MAC addresses for 15 months.
The identifiers the company collected are referred to as MAC addresses. They are predominantly used by advertisers to track consumer behaviour.
The practice is allowed as long as users consent to it. But by storing the MAC addresses, TikTok effectively engaged in ID bridging which Google forbids.
There are claims that some of this data was passed on to parent company ByteDance.
TikTok had previously stated it generally collected less personal data from users compared to social media giant Facebook or Google itself.
The latter confirmed that TikTok was not currently collecting MAC addresses of Android users.
It is believed that around 1% of apps on the Google App Store collect MAC identifiers.
Following the analysis, Senator Josh Hawley called for the removal of TikTok from the Google Play Store.