• Home
  • monitor
  • It turned out that Tiktok and Android terminal -specific information was unauthorized.Currently modified (WSJ report)
17 Jan, 2023

It turned out that Tiktok and Android terminal -specific information was unauthorized.Currently modified (WSJ report)

The popular video app Tiktok has repeatedly denied connections with the Chinese government when expanding its business in the United States, but the suspicion is not clear, and business sales are said to be Microsoft (or other companies).If it is not established, it will be difficult to continue services in the United States.

Wall Street Journal analyzed each version from 2018 to 2020 to confirm that the Tiktok app really sends some information somewhere, "Collect extraordinary information as a mobile app.I didn't do it. "However, in the version until the end of 2019, the app reported that the app has acquired a MAC address, which is a terminal -specific value, by bypassing the Android protection function.

The MAC address is unique to devices used for network communication and cannot be changed normally.If the app can get this value, it will be possible to track that the terminal is used by different users.For this reason, Android usually uses an anonymization ID that users can change to avoid notifying the MAC address to the app.

However, the Android version of the Tiktok app was sent to the server of Bytedance through a special communication layer that encrypts this MAC address before the user starts and starts using it.Tiktok claims that the latest Tiktok app does not collect MAC addresses.But I didn't mention how the past apps were.

TikTok、Android端末固有の情報を無断収集していたことが判明。現在は修正済(WSJ報道)

Approximately 350 apps that collect MAC addresses using the vulnerabilities used by the Tiktok app have been found in Google Play Store, and famous places are Amazon's Fire TV app, TV recording terminal ROKU apps, etc.It is known that the MAC address was acquired by bypassing the use of an anonymization ID.Roku has revised the problem after the acquisition of the MAC address in 2019.

The MAC address is just a terminal -specific value, which does not immediately lead to personal information leakage.Rather, it seems to have been used for user tracking type advertising distribution, but in any case it must have been not based on the policy for the application that had been established before.In addition, the latest version of Tiktok says that the problem has been solved ... but if you are worried, you do not need to use it.For example, FAEBOOK (… it is a company that was in agony with personal information gathering at one time) has already been announced that it will provide a Tiktok opponent video posting service REELS.

Source: Wall Street Journal

VIA: The Verge

Prev Next