TikTok is alleged to have collected the MAC (media access control) addresses of Android devices without the users' consent. Although Google previously banned this practice, TikTok continued to secretly steal device data for over a year.

How TikTok Broke the Google Play Store's Rules

According to the Wall Street Journal, the China-based TikTok tracked the MAC addresses of Android devices for at least 15 months. TikTok began using this tactic in 2018.

If you don't know what your MAC address is used for, it's a unique hardware identifier for your device. This number can be used to find and track your device as you browse the internet.

You can't change or reset your MAC address, making it useful for advertisers. By using your MAC address, advertisers can push tailored ads based on the content you look at.

In other words, TikTok likely stole MAC addresses for advertising purposes, a violation of the Google Play Store's policies. The Google Play Console Help page clearly states Google's policies regarding advertising and the use of MAC addresses:

The advertising identifier may not be connected to persistent device Identifiers (for example: SSAID, MAC address, IMEI, etc.) for any advertising purpose. The advertising identifier may only be connected to personally-identifiable information with the explicit consent of the user.

Not only did TikTok fail to ask for users' consent, it also used a layer of encryption to cloak its activities. You can opt to reset your advertising ID on other apps, but because TikTok makes use of your MAC address, it's impossible to refresh it.

TikTok stopped collecting MAC addresses in November 2019. This just so happens to coincide with when TikTok began receiving heavy criticism from several countries.

The TikTok Controversy Continues

The ByteDance-owned TikTok is no stranger to controversy. With the US on the verge of banning the app due to the security threats it poses, ByteDance still insists it has no malintent. That said, it might be time to delete your TikTok account.