TikTok can bypass Google's protection, which blocks third-party apps from reading the ID, using a loophole in Android devices to track Mac addresses. According to Engadget's latest report, the short-video app's future is still unpredictable since it is still considered an acquisition target and a security risk at the same time.
TikTok Can Bypass Google's Security Protection and Track Mac Addresses
WSJ: TikTok used a loophole to track MAC addresses on Android https://t.co/OgjL56Hnh2 via @ric9871ric #retweet #pleaseretweet pic.twitter.com/9M8ra8EaGM — Ric Olsen (@Ric9871Ric) August 12, 2020
A new report released by the Wall Street Journal revealed how TikTok had been able to track the information of its users. According to the report, TikTok uses a tactic banned by Google. Mobile-phone security experts explained that this tactic was concealed through an unusual added layer of the app's encryption, which violates Google's policies.
The Wall Street Journal's analysis discovered that TikTok collects unique identifiers from millions of mobile devices. The identifiers allow the video app to track users online without allowing them to opt out.
Several versions of the Android app was analyzed from 2018 through 2020, explaining that it "wasn't collecting an unusual amount of information for a mobile app." But, late in 2019, the researchers found out that TikTok uses a known security flaw to bypass Android's protections so that it can track users' information via the Mac address of their device.
How TikTok breaches Google's protection
It was explained that Android's security flaw allows Mac address to identify a device on a network and is usually not changed. The Mac code can allow a person to track the users' installations across various accounts that take place on the same device.
TikTok Can Bypass Google's Security Protection and Track Mac Addresses
https://t.co/l16q1iSaqp #Technology "Trump Targets WeChat and TikTok, in Sharp Escalation With China" by Ana Swanson, Mike Isaac and Paul Mozur via NYT pic.twitter.com/aSNOQccGIX — Shawn Azar (@cydiasa) August 7, 2020
The known loophole can allow someone to link a person's ID to a particular piece of hardware. WSJ's research explained that compared to Mac address, which does not allow users to change the code, Google presents an anonymized advertising ID that can be easily reset by its users, giving them more capabilities to opt-out.
It was also explained that the Mac address could be used in other techniques of "ID bridging." TikTok clarified on November 28, 2019, that it already removed its tracking feature using an update, claiming that the current version no longer collects Mac addresses. The analysis stated that the way mobile platforms links user identities to hardware, without notifying the users, is troubling.
For more TikTok news updates, always keep your tabs open here at TechTimes.
Also Read: [PSA] Stalkers Will Know Your Running Routes Online: Don't Post Running Activities
This article is owned by TechTimes,
Written by: Giuliano de Leon.
