Security News > 2020 > August > TikTok Surreptitiously Collected Android User Data Using Google-Prohibited Tactic
TikTok has been collecting unique identifiers from millions of Android devices without their users' knowledge using a tactic previously prohibited by Google because it violated people's privacy, new research has found.
The app bundled the MAC address with other device data and sent it to ByteDance upon the app's first installation and opening on a new device, according to the report.
Mobile apps collect various data on users for advertising purposes, which has always been a point of contention for privacy advocates.
President Trump recently threatened to ban the app in the United States out of fear that it's surreptitiously collecting data on U.S. government employees and contractors to use in China's cyber activities against the United States.
TikTok has said it doesn't share data with the Chinese government and would not violate user privacy even if asked, according to the WSJ. However, many security experts have warned that due to the security flaws of the app and China's stance on cybersecurity, it's likely the Chinese government has access to whatever data the app does.
News URL
Related news
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Google Gemini's Astra (screen sharing) rolls out on Android for some users (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (source)
- Google adds Android auto-reboot to block forensic data extractions (source)
- Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers (source)
- Google fixes actively exploited FreeType flaw on Android (source)
- Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android (source)