BEIJING — TikTok engaged in a banned data-collecting process that harvested highly personalized information from its users for more than a year, an investigation by the Wall Street Journal has found.
The popular short-video app owned by China's ByteDance collected MAC addresses, which are particularly useful for gathering identifying data on an individual and creating a highly personal user profile, because they are often hard-coded into a device.
TikTok collected users' MAC addresses for 18 months in violation of Google's rules until November of 2019, the Wall Street Journal found.
In 2013, Apple locked down MAC address access to third-party developers.
Google followed suit in 2015 for devices running Android.
Google also bans app developers from collecting identifying data without a user's consent.
TikTok circumvented these restrictions and concealed its tracking behind an "unusual added layer of encryption," according to the Wall Street Journal's report.
A 2018 study by AppCensus found that about 1 percent of Android apps were gathering MAC addresses, usually for advertising purposes.
What is unusual in TikTok's case is the extra steps it took to conceal its workaround, indicating that the company was purposefully collecting sensitive user data in secret.
TikTok did not respond to detailed questions from the Wall Street Journal.
In a statement, a spokesperson said the company was "committed to protecting the privacy and safety of the TikTok community. Like our peers, we constantly update our app to keep up with evolving security challenges."
The company said "the current version of TikTok does not collect MAC addresses."