banner



TikTok secretly tracked millions of Android users — what you need to know

TikTok secretly tracked millions of Android users — what yous demand to know

The TikTok logo displayed on a smartphone screen with a computer keyboard in the background.
(Prototype credit: Primakov/Shutterstock)

The TikTok Android app secretly stole an of import ID number from millions of users' phones and smuggled it past Google'southward watchdogs by wrapping the ID number in an unusual layer of encryption, The Wall Street Journal reported yesterday (Aug. eleven).

The ID number, known as a MAC address, is a unique 12-digit hexadecimal (numerical base 16) code. Every device in the world that uses Wi-Fi, Ethernet or Bluetooth, from supercomputers to to smartphones to smartwatches, has at least one MAC address.

  • Trump enacts TikTok ban: What to know about the executive society
  • Is TikTok prophylactic? Everything you (and parents) demand to know

Considering MAC addresses can't be inverse, they can exist used to place individual devices permanently.

Google blocks Android apps from reading devices' MAC addresses and forbids their collection, merely TikTok apparently used a known workaround to practice so anyway. It then transmitted the MAC addresses to servers belonging to TikTok parent company ByteDance, The Journal said, using an extra measure of encryption in a possible attempt to muffle the practice from Google.

"Information technology's a manner of enabling long-term tracking of users without any power to opt out," mobile-app skillful Joel Reardon told The Journal. "I don't see some other reason to collect information technology."

Citing fears that the Chinese government might exist using TikTok to spy on Americans, U.S. President Donald Trump earlier this month threatened to ban TikTok from the U.S. market unless the company was sold to an American firm by mid-September. Microsoft is said to be interested purchasing TikTok from ByteDance.

In a statement to TechCrunch, TikTok said: "We constantly update our app to go on up with evolving security challenges, and the current version of TikTok does non collect MAC addresses. Nosotros accept never given whatsoever TikTok user data to the Chinese government nor would we do then if asked."

Super-tracking

Google and Apple permit apps to rail smartphones using advertising IDs, but those advertising IDs periodically change and users can opt out of having them assigned. Users tin can also manually reset advertising IDs.

Experts who spoke to the Periodical doubtable that TikTok used the MAC addresses to "bridge" advertisement IDs, linking expiring IDs to newly issued ones in society to meliorate track individual devices.

To employ an automotive metaphor, an advertising ID is like a machine's license plate. A MAC accost is like the Vehicle Identification Number stamped underneath the windshield.

TikTok stopped collecting MAC addresses afterwards an app update in November 2019, according to The Journal'south tests. Google told The Journal that information technology was looking into the matter.

The Periodical, which examined nine different version updates of the TikTok Android app, said the MAC-accost collection had been happening since at least April 2018. It's non articulate whether anything like occurred on iPhones.

TikTok was non the only app collecting MAC addresses, The Journal said. Information technology cited a study by Reardon'southward company, AppSense, that estimated that about 1% of Android apps did so in 2018. The Journal added that other than the MAC addresses, TikTok did not collect an unusual corporeality of user information.

But TikTok'due south concealing of the MAC-address data in an extra layer of encryption was indeed unusual, cybersecurity expert Marc Rogers told The Journal, especially since all data going back and forth between ByteDance servers and TikTok users was already encrypted by normal methods.

"My guess is that the reason they do that is to featherbed detection by Apple or Google," Rogers told The Periodical. "If Apple tree or Google saw them passing those identifiers back they would nigh certainly reject the app."

Paul Wagenseil is a senior editor at Tom'due south Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security infinite for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom'due south Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown upward in random Telly news spots and even moderated a panel discussion at the CEDIA domicile-engineering science conference. You tin follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/tiktok-android-mac-address-tracking

Posted by: spencerexcitind.blogspot.com

0 Response to "TikTok secretly tracked millions of Android users — what you need to know"

Post a Comment

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel