Taking too long? Close loading screen.
Connect with us

Tech

Report: TikTok Collected Persistent IDs From Android Phones in Apparent Violation of Google Policy

Published

on

TikTok, the Chinese-owned video app that Donald Trump’s administration is incoherently threatening to ban from the U.S. and may be gearing up for a court fight in response, quietly collected persistent identifiers from Android devices for 15 months, according to a report in the Wall Street Journal.

Advertisement

According to the Journal, an analysis of numerous versions of TikTok found that the app used a technical loophole to collect MAC addresses from Android devices in the 15 months ending in November 2019, apparently in violation of Google policy. MAC addresses are persistent identifiers that generally can’t be changed on on phones via any method short of rooting a device or buying a new one. Apple locked down access to MAC addresses in 2013, according to the paper, and Google did the same in 2015.

The Journal analysis found that TikTok, owned by Beijing-based ByteDance, used a widely known, unpatched security hole to acquire MAC addresses on Android without disclosure or any ability for users to opt out. TikTok then bundled it with other data like an advertising ID, potentially violating Google policies prohibiting apps from connecting ad IDs to any persistent identifier (known as ID bridging) without the “explicit consent of the user.” While TikTok users could reset their ad IDs through the app’s settings, ByteDance’s possession of the persistent MAC addresses might have made that a useless gesture.

Advertisement

Possession of a user’s MAC address could also expose them to future tracking—which is obviously not a good look with respect to allegations from U.S. officials that ByteDance could use TikTok to spy on Americans on behalf of the Chinese government. There’s never been any publicly released hard evidence to suggest those concerns are anything but theoretical. The Trump administration’s brazenly transactional approach to TikTok, including demands that ByteDance sell the app to a U.S. company like Microsoft or Twitter and that the U.S. Treasury should get a cut of the deal, suggests that raising the specter of espionage could partially be a pretext to strong-arm ByteDance. While various app store policies may prohibit the practice, collecting MAC addresses is not exactly Mr. Robot-level hacking.

According to the Journal’s report, however, ByteDance also used a custom layer of encryption to send the bundled data back to its servers. Experts told the Journal those measures could be designed to prevent Apple or Google from noticing the violations of their policies, but it could also be an additional layer of security for mundane purposes.

ByteDance has insisted that no user data collected in the U.S. is ever sent to China, and the simplest explanation as to why it would want to collect MAC addresses is to plump up its lucrative ad business. The date ByteDance stopped collecting the data, though, is just a week after the U.S. reportedly launched a national security review of TikTok. That sure sounds like someone quickly realized this wouldn’t look good under scrutiny, regardless of whether practically everyone else is engaged in shady tracking practices. It’s also possible that collecting MAC addresses from younger users without disclosure or an opt-out function could get it into trouble with the Federal Trade Commission, which enforces the Children’s Online Privacy Protection Act.

The Journal wrote that other than the MAC addresses, TikTok didn’t appear to collect “an unusual amount of information for a mobile app, and it disclosed that collection in its privacy policy and in pop-ups requesting the user’s consent during installation.” It also wrote that while ID bridging is common—according to a 2019 AppCensus report, some 70 percent of over 25,000 popular apps pair ad IDs with at least one persistent identifier, many of which send the info directly to ad servers—using the MAC address loophole is less so. A 2018 AppCensus analysis found just 347 of over 25,000 apps utilized it.

Advertisement

Joel Reardon, AppCensus co-founder and a University of Calgary assistant professor, told the Journal he reported the loophole to Google in June 2019 and was told the company was already aware of it.

“It’s a way of enabling long-term tracking of users without any ability to opt-out,” Reardon told the paper. “…I was shocked that [the loophole] was still exploitable.”

Advertisement

“We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses,” a TikTok spokesperson told the Verge. “We always encourage our users to download the most current version of TikTok.”

[WSJ]

Advertisement

Source : Gizmodo Read More

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Tech

Charge Your Phone Wirelessly With 50% off a Multifunctional LED Lamp

Published

on

Best Tech DealsBest Tech DealsThe best tech deals from around the web, updated daily.

White Wireless Charge Lamp | $18 | Amazon | Clip coupon + code ABC88699
Black Wireless Charger Lamp | $20 | Amazon | Promo code ABC88699

When you’re ready to turn in for the night, you don’t want to forget to charge your phone— especially if your mobile device doubles as your alarm clock.

With this wireless charger lamp, you can make this crucial step of your nightly routine even easier by just setting your phone on the wireless charging pad and… well, that’s all there is to it!

Advertisement

Other functions include multiple lighting modes as well as a sleep timer option for auto shut-off of the light after 30 or 60 minutes.

This lamp can be yours in white for $18 if you clip the coupon on Amazon (it’s below the original $40 price) and add promo code ABC88699 at checkout.

You can snag the black version for $20 using the same code—no coupon though, sorry.

Don’t sleep on this deal! Who knows how long stock or the coupon code will last?

Advertisement


Source

Continue Reading

Tech

Keep That Hotdish Hot With 65% Off a Luncia Casserole Carrier, Only $11 With Promo Code

Published

on

Best Home DealsBest Home DealsThe best home, kitchen, smart home, and automotive deals from around the web, updated daily.

Luncia Double-Decker Dish Carrier | $11 | Amazon | Promo code SDDU9S7F

It has been a long time since the days we could safely have a potluck or other gatherings, but we have a fantastic deal perfect for once those times return. These double-decker Luncia dish carriers can be had for 65% off when you add promo code SDDU9S7F at checkout and clip the coupon on the site (it’s just below the price). These holders fit 9″x 13″ sized baking dishes.

Advertisement

That means you can insulate and keep two dishes of food warm for only $11 instead of $30. What’s more, your Luncia carrier will arrive by Christmas if you order today as a Prime member.

Just add promo code SDDU9S7F and clip the 5% off coupon to bring the price down to $11 for the blue or the grey option.

Advertisement

Grab this offer while it’s still around!


Source

Continue Reading

Tech

Conquer Your Pup’s Dander and Fur With $700 Off a Cobalt or Charcoal Bobsweep PetHair Plus Robot Vacuum

Published

on

Best Home DealsBest Home DealsThe best home, kitchen, smart home, and automotive deals from around the web, updated daily.

Bobsweep PetHair Plus Robot Vacuum & Mop (Cobalt) | $200 | Best Buy

Bobsweep PetHair Plus Robot Vacuum & Mop (Charcoal) | $200 | Best Buy

Allergies can be bad enough as the seasons change. Don’t let pet hair and dander add to that by vacuuming it up early and often. That chore is easier said than done— unless you have a robot vacuum to do the work for you. This lovely bright cobalt Bobsweep PetHair Plus robot vacuum and mop, only $200 today at Best Buy seems like an ideal option. That’s a whopping $700 off, by the way.

Advertisement

You can get the same deal for the charcoal version of the robot vac, too. This model is not only specially made for picking up pet hair, it self docks and charges when it’s finished with the work.

It also comes with a mop attachment, so it can take care of those kitchen floors for you as well. Grab it while it’s still available for this fantastic price!

Advertisement


Source

Continue Reading

Trending