TikTok caught collecting MAC addresses for millions of Android users, iOS 14 prevents this

ios 14 random mac addresses Rect 1

These past few months have been rough, too put it lightly for TikTok. The app has come under scrutiny, accusations of working for the Chinese government, and of course President Trump threatening a ban.

Anything remotely negative about the app at this point would do nothing but hurt its chances of staying in the United States. If negativity would hurt its chances, then it just got a real bad wound. A Wall Street Journal report has uncovered that TikTok collected the MAC address for millions of Android users for 18-months, breaking Google Play Store policy.

The reasoning behind Pres. Trump’s ban of the app is concern that it collects American user data that could then be used by the Chinese govnerment for potential blackmail or espionage. The revelation that it collected the MAC address for users, which is unique for every device for millions of people is not likely to play well with the administration,

TikTok has stopped the behavior saying in a statement to the Journal that the current version of TikTok does not collect MAC addresses. Both Apple and Google prevent apps from collecting that information, and according to security experts TikTok was able to bypass it through an “unusual added layer of encryption”.

Google declined to comment on the loophole, instead said it was investigating the incident. As for iOS users, no such security issue has been found. And luckily, iOS 14 has a feature built in to prevent this.

Apple’s upcoming iOS 14 software currently in beta testing is one full of privacy features, from finner-controls over your location to ad-tracking, web browsing, even your clipboard. Included in the software debuting this fall is the ability for users to turn on “Private Address” which will randomize your MAC address for each network you join, as Apple explains:

To communicate with a Wi-Fi network, a device must identify itself to the network using a unique network address called a media access control (MAC) address. If the device always uses the same Wi-Fi MAC address across all networks, network operators and other network observers can more easily relate that address to the device’s network activity and location over time. This allows a kind of user tracking or profiling, and it applies to all devices on all Wi-Fi networks.

To reduce this privacy risk, iOS 14, iPadOS 14, and watchOS 7 use a different MAC address for each Wi-Fi network. This unique, static MAC address is your device’s private Wi-Fi address for that network only.


The feature makes it harder for apps and services to associate your specfic device to your identity given it changes everytime you change a network. The feature goes beyond iOS 14 but also on iPadOS 14, and watchOS 7.

While iOS 14 is privacy heaven for users, its hell for companies like Facebook. iOS 14 provides users with the ability to disable ad-tracking between applications, a feature called IDFA. Identifier for Advertisers (IDFA) is heavily used by advertising companies to track user data, and used by many developers to track users even if they are outside an application.

The Information reported yesterday that Facebook is meeting with gaming companies in preparation for the new feature to debut this fall alongside iOS 14. Facebook and its partners are expecting at least 1+ billion users to opt-out of the feature, which would mean a massive decline in ad effectiveness.

Default image
Sami started falling in love with Apple in 2010 with the iPhone 4S. As a registered developer, he deeply admires the world of Apple. Sami is an aspiring journalist, writer, and actor. He also has devoted his life to sharing his passion and knowledge with others around the world.