Security News > 2021 > January > Report: TikTok Harvested MAC Addresses By Exploiting Android Loophole
The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google.
The Wall Street Journal said TikTok was exploiting a loophole to collect MAC addresses for at least 15 months.
TikTok responded to the WSJ's findings by saying "The current version of TikTok does not collect MAC addresses" but the investigation found that the company had been harvesting that data for many months.
"TikTok bypassed that restriction on Android by using a workaround that allows apps to get MAC addresses through a more circuitous route, the Journal's testing showed. The security hole is widely known, if seldom used, Mr. Reardon said. He filed a formal bug report about the issue with Google last June after discovering the latest version of Android still didn't close the loophole."I was shocked that it was still exploitable," he said.
Mr. Reardon's report was about the loophole in general, not specific to TikTok.
TikTok collected MAC addresses for at least 15 months, ending with an update released Nov. 18 of last year, as ByteDance was falling under intense scrutiny in Washington, the Journal's testing showed.