Video-sharing platform TikTok has faced a great deal of scrutiny from U.S. regulators over its data collection practices and its connection to the Chinese government. While it has defended itself and even offered to share its algorithms with the cybersecurity community, a recent investigation by the Wall Street Journal suggests that it had been tracking Google Android users for months without their knowledge or consent.
The publication reports that TikTok circumvented Google privacy safeguards to collect MAC addresses from Android users for 18 months before stopping the practice last November, when scrutiny from the U.S. government was ramping up. MAC addresses can act as identifiers that are unique to individual devices and could be used to serve users targeted ads.
The new finding contrasts starkly with the company’s reaction to an executive order issued last week that seeks to ban the app from the U.S. over data privacy concerns.
“We want the 100 million Americans who love our platform because it is your home for expression, entertainment, and connection to know: TikTok has never, and will never, waver in our commitment to you. We prioritize your safety, security, and the trust of our community -- always,” the company said in a blog post.
Feds clash with TikTok
The Trump administration previously cited concerns that TikTok and other Chinese apps like WeChat are able to gather data and share that information with the Chinese government.
“TikTok automatically gathers vast swaths of information from its users, including internet and other network activity information such as location data and browsing and search history,” the administration’s executive order stated. “This data threatens to allow the Chinese Communist Party (CCP) access to Americans’ personal and proprietary information -- potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information and blackmail, and conduct corporate espionage.”
While the Journal’s investigation shows no evidence of this kind of agenda, the findings do place a dark cloud over the company’s stance on user privacy and security. In response to the report, a TikTok spokesperson reaffirmed that the company prioritizes user security.
“Under the leadership of our Chief Information Security Officer (CISO) Roland Cloutier, who has decades of experience in law enforcement and the financial services industry, we are committed to protecting the privacy and safety of the TikTok community. We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses. We have never given any TikTok user data to the Chinese government nor would we do so if asked,” the spokesperson said.
In a statement to the Journal, Sen. Josh Hawley (R-Mo.) called on Google to take action to prevent TikTok and other apps from skirting its security to collect consumers’ data.
“Google needs to mind its store, and TikTok shouldn’t be on it. If Google is telling users they won’t be tracked without their consent and knowingly allows apps like TikTok to break its rules by collecting persistent identifiers, potentially in violation of our children’s privacy laws, they’ve got some explaining to do,” he said.