The Chinese-origin platform TikTok collected for 15 months a series of data from Android users downloading the app for the first time. The information technically should not be accessed by the social network or sent to the ByteDance developer’s own servers.
Who made the complaint was the newspaper The Wall Street Journal, who explained the trickery carried out by the company. TikTok exploited an Android vulnerability to collect sensitive user data while circumventing Google’s established privacy rules.
With this, TikTok had access to information that even includes the MAC address of users, a mandatory code for devices that can connect to the internet and that, if crossed with other data, can help identify users more easily. In addition, the company threw an extra layer of encryption under this information, to hide that it was getting hold of it and sending it to its servers.
(even more) complicated situation
The action lasted about 15 months, until November last year, and is no longer carried out by the company. In response to the original report, Google confirmed the breach and stressed that TikTok wasn’t the only service that took advantage of the bug. Either way, she’s going to conduct internal investigations to look into the case.
The complaint is one of the many controversies involving the platform. Seen as a threat to national security, the social network has been banned in the United States and will be banned from September. Microsoft is one of those interested in acquiring regional or global operations to keep the service operating in the country.