TikTok collected user data from millions of smartphones using a tactic banned by Google and without notifying users for over a year before the Chinese video-sharing app ended the practice last year.
TikTok tracked the unique MAC (media access control) addresses of Androids, which are often used for advertising purposes, and concealed its activity with an extra layer of encryption, according to a Wall Street Journal analysis.
The data collection was not disclosed to users and appears to flout Google privacy policies.
The video-sharing app persisted in collecting the unique user identifiers for at least 15 months before stopping the tactic in November amid new scrutiny by the U.S. over the app’s security issues.
“The current version of TikTok does not collect MAC addresses,” the company said in a statement to the Journal.
TikTok’s Chinese owner ByteDance is currently under pressure from Washington to sell TikTok or face being potentially blacklisted in America.
Microsoft has reportedly been in talks to acquire the video-sharing platform’s U.S. operations. Senator Josh Hawley on Wednesday demanded that Microsoft assure that TikTok has severed all ties with the Chinese Communist Party as a prerequisite of any potential acquisition of the social media platform.
The Missouri Republican argued that if TikTok is allowed to preserve ties with its parent company or the Chinese government, vulnerabilities in the app could allow the Chinese Communist Party to collect the data of Americans.
Last week, Hawley’s bill banning the video-sharing app on government-issued devices passed the Senate.
President Trump said last week that TikTok has until September 15 to find an American buyer for the app, and if they fail to secure a purchaser he will shut down the app in the U.S.