TikTok Shown to Have Collected Data From Millions of Android Users

New evidence of TikTok’s data mining practices show wrongdoing. Here’s what you need to know.

What Happened:

While preliminary conversations between Microsoft and ByteDance to reach a deal on the acquisition of TikTok are under way, new analysis from the Wall Street Journal shows the popular app violated Google guidelines to collect user data. Specifically, TikTok obtained MAC addresses from users with Android phones. 

Any modern electronic device with internet capabilities has a unique 12-digit MAC address. This information is particularly helpful for apps with targeted advertising, as they can develop consumer profiles based on user behavior. Once a MAC address is obtained, any encryption or privacy measures are limited in protecting long-term tracking of the user’s data.  

Both Apple and Google locked down MAC addresses in 2013 and 2015, respectively. 

Why it Matters:


TikTok’s decision to exploit a well-known security hole to obtain MAC addresses without notifying users or obtaining consent. Integrating this information with other data, such as an advertising ID, violates Google policies. Additionally, users did not have the choice to opt out. While this does not demonstrate intent to blackmail or manipulate users, it does not help ByteDance’s credibility amid threats from Donald Trump

Growing Conflict with China

TikTok was already in hot water prior to evidence of its data collection practices. There’s bipartisan support for revising how TikTok operates, but the Trump administration has gone further to criticize the app in extension of its ongoing trade feud with the Chinese government. 

Trump recently stated that the U.S. “should be reimbursed or should be paid a substantial amount of money” from Microsoft’s acquisition. Seizing and profiting from a Chinese company stands to further fuel the flames.