“To me, this is a stark reminder of the few or weak privacy guarantees we get from Play Store,” Wallenstrom tells me. “TikTok spent years collecting sensitive data knowingly and openly against the store policy. Privacy tends to lose if Google has to choose between protecting end users versus wild success and rampant adoption—and revenue. Google might argue that the App Store isn’t any better… and they would be mostly right. But this need not be a race to the bottom.”
Wallenstrom is also highly critical of TikTok’s use of encryption to wrapper the MAC data. “There are perfectly legitimate reasons to add extra layers of encryption inside TLS—we do this at Wickr. But TikTok was encrypting very select data to significantly increase the effort required for a third-party to detect the policy violations.”