TikTok exploited Android security vulnerability to grab MAC addresses, maybe for ad tracking, no way to opt out — stopped in November, WSJ reports

The orange menace is trying to block this app for all the wrong reasons, but this report is just one of many intentional privacy violations that cannot be allowed.


I wonder if this is tied to IPv6. I was frustrated to learn that sometimes IPv6 addresses embed your MAC, depending on the OS used. With IPv4, MAC is an OSI layer 2 deal, and layer 3 isn’t aware of it (AFAIK the Ethernet frame MACs should be shed and re-added as the packet travels from layer 2 segment to segment).

At least that is how I understand it (grain of salt!)
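An added example, not part of the original post: the embedding mentioned above is the modified EUI-64 interface identifier of RFC 4291, and this Python check flags addresses that carry one and recovers the MAC, so you can audit whether a host is exposing its hardware address at layer 3. The function names are hypothetical and the sample addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress

def mac_from_eui64(addr):
    """Return the MAC embedded in a modified EUI-64 IPv6 address, else None.

    Modified EUI-64 splits the 48-bit MAC in half, inserts ff:fe in the
    middle, and flips the universal/local bit (0x02) of the first byte.
    """
    # Drop a zone id ("%eth0") or prefix length ("/64") if present.
    bare = addr.split("%")[0].split("/")[0]
    iid = ipaddress.IPv6Address(bare).packed[8:]  # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None  # random, privacy (RFC 4941) or stable-opaque identifier
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Map each address that leaks a MAC to the recovered MAC."""
    found = {}
    for a in addresses:
        mac = mac_from_eui64(a)
        if mac is not None:
            found[a] = mac
    return found

# Constructed sample input: what `ip -6 addr` might list on one host.
SAMPLE = [
    "fe80::211:22ff:fe33:4455%eth0",         # link-local, EUI-64 derived
    "2001:db8::211:22ff:fe33:4455/64",       # global, EUI-64 derived
    "2001:db8::a1b2:c3d4:e5f6:1789/64",      # global, randomized identifier
]

if __name__ == "__main__":
    for addr, mac in audit(SAMPLE).items():
        print(f"{addr} embeds MAC {mac}")
```

The ff:fe match is a heuristic: a randomized identifier has those two bytes in that position about once in 65,536 addresses, so confirm a hit against the interface's real MAC.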

You have to admire how quick communist China has been to pick up the sleazier version of modern capitalism.


Since this is affecting Android and not iOS I’m going to make the assumption this is dealing with the Android app for TikTok?

I mean the few times I’ve been on TikTok I just go through Firefox…the same as when I use Facebook. I don’t need another several hundred megabyte unitasking app.

OK, so another vector could be through the intents system, which broadcasts a lot of info out locally to apps running on the device. Here’s a CVE from 2018 that affected certain versions of Android OS:


No idea if it would be related to this now (many users don’t update, and given the fragmentation of Android OS I believe some people get stuck with old versions with no viable upgrade path for their device).

But it also could be a newer issue; I didn’t find any articles that cited anything specific yet.

Edit: I was trying to do a normal post but it seems like I’ve replied or something… damned GUIs

We are slowly adopting an authoritarian capitalist operation. Just more subversive and based on the terms in the fine print that no one reads yet signs.

