A week ago, US President Donald Trump signed an executive order to prohibit “any transaction” with TikTok after 45 days if its owner, the Chinese company ByteDance, does not sell its operations in the United States to a local company, which could then control what the app of Chinese origin does on American soil. In fact, since TikTok is the viral app of the moment, Microsoft and Twitter have already shown interest in buying it.
The reason for such a political decision about a mobile application? Concerns that the data collected by the music video social network will be used for counterintelligence by the Chinese Communist Party. TikTok’s opinion? That these measures constitute “a dangerous precedent for freedom of expression.” And they certainly are, but they are also seen in a different light after what happened a week later.
The prohibition of MAC addresses
For those who do not know, a MAC address is basically the identifier of any type of hardware used to connect to a network. It is also known as a physical address, and it is unique for each device. In this way, the MAC address can be used to identify what type of hardware a device connected to the network has, for example a smartphone.
Therefore, MAC addresses have added advertising value, although since 2015 Android has not allowed applications to obtain this data from the mobiles on which they are installed. Any type of application that collects a MAC address is acting illegally, since it is a practice prohibited by Google. And this is precisely what TikTok has been doing for almost a year and a half, no less.
The Android security flaw that TikTok took advantage of
According to an investigation by the Wall Street Journal, which recently also showed how 500 apps illegally collected data from the GPS of millions of mobiles and then sold it even to US government agencies, the TikTok application exploited a security flaw in Android mobiles to collect data from its users’ mobiles for 15 months, including the MAC address.
After an update in 2018, and knowing that what it was doing was going against the laws of Google and Android, TikTok accessed the MAC addresses of those who used its app through a workaround that took advantage of a security flaw present in Google’s mobile operating system. It kept up this practice for more than a year, until November 2019.