TikTok's Android version app violated policy and collected MAC address for over a year revealed


by

Solen Feyissa

President Donald Trump of the United States is requesting 'Sold TikTok to an American company by September 15, 2020' for the short movie sharing application ' TikTok ' developed and operated by ByteDance of China. Meanwhile, a report from the Wall Street Journal revealed that TikTok violated Android policy and continued to collect MAC addresses of physical addresses that can identify terminals for over a year.

TikTok Tracked User Data Using Tactic Banned by Google-WSJ
https://www.wsj.com/articles/tiktok-tracked-user-data-using-tactic-banned-by-google-11597176738

TikTok collected MAC addresses for 15 months on its Android app-The Verge
https://www.theverge.com/2020/8/11/21364017/tiktok-mac-address-collected-identifier-android-violation

TikTok used loophole to collect MAC addresses on Android-9to5Google
https://9to5google.com/2020/08/11/tiktok-android-mac-address/



For some time, TikTok has been worried that 'it may be sending data to China,' and both Democratic and Republican parties in the United States said

'TikTok has privacy concerns, so use it. Please refrain from doing this.' On August 6, 2020, Congress passed a bill that banned government employees from using TikTok on government-issued devices, accelerating the move to eliminate TikTok in the United States.

A bill prohibiting the use of TikTok by government officials is passed by the US Congress, further accelerating the elimination of TikTok in the US-GIGAZINE



President Trump announced that 'TikTok will not be used domestically unless TikTok is sold to an American company by September 15, 2020', and TikTok will be closed in the US unless proper sale is made He said. As an American company that acquires TikTok, Microsoft, which has been negotiating for the acquisition of TikTok for a long time, has made a name of itself.

President Trump requests TikTok to ``sell to an American company by September 15, 2020'', Microsoft takes on the acquisition-GIGAZINE



Meanwhile, the Wall Street Journal reported that 'TikTok's Android application violated the rules of the platform and continued to collect MAC addresses of physical addresses that can identify terminals for at least 15 months' .. The MAC address helps identify each user's device and, if collected, helps in advertising and tracking users.

By 2015, the App Store on iOS and the Google Play Store on Android will have a policy that 'prohibits the collection of personally identifiable information or persistent device identifiers through apps distributed in the app store.' It was The information that is prohibited from being collected by this policy includes the MAC address that is uniquely assigned to the hardware, but the Android version of TikTok's Android app still uses 'loopholes' even after this policy has been established. He continued to collect MAC addresses.

According to The Wall Street Journal, TikTok sent the MAC address to ByteDance when the user first opened the Android version of the app, before getting the user's consent. This data transmission was hidden by an 'anomalous extra layer of encryption' with no security benefit. The encryption layer made it harder for third parties to analyze apps for compliance with their privacy policies, the Wall Street Journal notes. It is said that the collection of MAC addresses ended with the update on November 18, 2019, but it seems that they were collecting MAC addresses that violated the policy for at least 15 months.

In addition, it is also known that it is not only TikTok that avoids policy restrictions by the same method, but that 350 applications distributed in the Google Play store use the same loophole. 'The latest version of TikTok doesn't collect MAC addresses,' TikTok said, but didn't comment on past app practices.


by Solen Feyissa

This report could affect the deal with Microsoft and TikTok. Microsoft, which is promoting the acquisition of TikTok, said, 'By separating the code that is partially shared with other ByteDance products, such as data storage, content monitoring and recommended algorithms, user profile management, TikTok is technical 'How to make Microsoft a subsidiary' has become a major issue.

Exclusive: Microsoft faces complex technical challenges in TikTok carveout-Reuters
https://www.reuters.com/article/us-usa-tiktok-cybersecurity-exclusive/exclusive-microsoft-faces-complex-technical-challenges-in-tiktok-carveout-idUSKCN256100



Moreover, TikTok is fundamentally a social media for young people, a business different from the enterprise content offered by Microsoft. Of course, the advertising revenue from TikTok benefits Microsoft, but it also requires monitoring the huge amount of content posted. It has been pointed out that Microsoft needs to invest a large amount of capital and technical force to monitor false positives, conspiracy theories, violent or sexual content on social media.

Microsoft buying TikTok could lead to problems monitoring social media content
https://www.cnbc.com/2020/08/10/microsoft-buying-tiktok-could-lead-to-problems-monitoring-social-media-content.html



In addition, it is not only TikTok that President Trump is trying to ban transactions in the United States, but we also announced that we will also ban WeChat , which is a Chinese chat application.

45 days after wechat deal with US banned together with TikTok (Photo = Reuters): Nihon Keizai Shimbun
https://www.nikkei.com/article/DGXMZO62406630X00C20A8MM0000/



in Mobile,   Software,   Security, Posted by log1h_ik