At the heart of a controversy, the Chinese social network TikTok has not been at all discreet about this one.
Indeed, already accused several times of spying on behalf of the Chinese state, the latter would, for advertising purposes, use a security loophole to collect certain information relating to users' terminals in particular MAC addresses. This is not possible without the latter giving their explicit and voluntary consent.
This article will also interest you: The Chinese social network TikTok in the crosshairs of the Quebec authorities
Although the Chinese app has stopped using this trick since November 2019, it will still be tainted by this irregularity. According to the latest information, the social network has used this tactic of illegal data collection for nearly 15 months.
This information was revealed by the Wall Street Journal, which is in his writings means that TikTok has literally hijacked the information for nearly 1 year. The users who were targeted according to the U.S. media were smartphone users running under Google's OS, Android. This is literally akin to computer hacking when you know that the consent of the latter was not required during that time. The American newspaper reports that the practice would have ceased as of November 18, 2019.
The reason the social network has been interested in the MAC addresses of its users' smartphones is simply because it is an identifier specific to the network card of each device connected to the Internet. It can be a smartphone from a tablet, a games console or even a computer. Because of its uniqueness, this address will allow the user to be identified persistently, because he is unable to change it or even reset it.
Thus, collecting this information increases the advertising potential of the platform that participates in it. And that may be a real source of income. Indeed, MAC addresses allow" to "establish consumer behaviour profiles that persist despite any privacy measures," read the website 9to5Google. In this case, the only way the user can free himself from a follow-up would unfortunately be to change terminals.
Regarding the collection of the MAC address, it should be noted that since 2015 the American giant Google, has formally banned it on its Android platform. Even with the user's consent, the practice is formally banned by the American giant. These latter require applications in its online store the PlayStore not to collect "personal information identifiable or associated with a permanent identification device." The club rules of course as well MAC addresses as IMEI addresses and many others. And of course the rule obviously was violated by the Chinese social network. According to the Wall Street Journal, TikTok allegedly used "an extra and unusual layer of encryption" to hide the information it collected from users of its Android app. An encryption that unfortunately brings nothing more for the security of this personal information collected. If of course it is difficult to make it difficult to potential examinations carried out by a third party, to inquire about the information that was collected by the application.
When questioned by journalists from the American daily, Chinese social network executives were quick to comment. They simply mentioned that the "current version of TikTok does not collect MAC addresses." On the Google side, it has been indicated that a thorough examination will be given to clear up my shadowy part in this case.
Now access an unlimited number of passwords: