As per a report from the WSJ, TikTok had been silently collecting Mac addresses from Android users to track them. This was against TikTok's own privacy policies, as well as Google's policies for Play Store apps.
TikTok collected millions of unique identifiers through this method, over a period of 18 months, without users ever opting-in or even being aware of what was happening. The company was concealing this practice by adding a layer of encryption so that Google does not find out. It only stopped this practice in November 2019, as per the Wall Street Journal. All this happened before the focus on TikTok's security and privacy policies started this year in the United States, but this news will still give more ammo to those who want to see the app blocked.
At the time of writing, TikTok gathers the same amount of data that any other social network or advertisement company like Google, Facebook, Instagram, or Twitter capture. It is highly likely that TikTok was capturing and using the data for advertisement purposes, however, the company has refused to share any details except that its current version of the app does not capture Mac addresses.
In a statement, TikTok said that it is “committed to protecting the privacy and safety of the TikTok community. Like our peers, we constantly update our app to keep up with evolving security challenges.” It added that “the current version of TikTok does not collect MAC addresses.”
Google declined to comment on the incident as to how TikTok went unnoticed for a long time while collecting data that it wasn't allowed to. Meanwhile, there have been no reports of TikTok capturing Mac addresses on iOS. iOS 14 even goes ahead and randomize Mac addresses for iOS 14, iPadOS 14 and watchOS 7 to ensure that each Wi-Fi network that the device connects to, sees a different Mac address. This will make it difficult for advertisement networks and other services with malicious intent, to track users with accuracy.