Though mobile applications used to be able to freely collect MAC addresses (media access control addresses, IDs usually associated with advertising targeting), both the Google Play Store and Apple’s App Store had banned the practice by 2015. It is said TikTok was able to bend the rules via a loophole.

The company said in a statement that it is “committed to protecting the privacy and safety of the TikTok community. Like our peers, we constantly update our app to keep up with evolving security challenges … the current version of TikTok does not collect MAC addresses.”

Google Play Store policies state that ad IDs can’t be attached to personally identifiable information, but TikTok’s parent company ByteDance storing these MAC addresses would allow it to technically track an individual’s identity by linking together the occurrence of the same MAC address when their TikTok account was opened on several devices. Even if users deleted the app and signed in on a new device with a brand new user account, the MAC address is the same.

The news comes at a difficult time for TikTok as it finds itself under threat of ban from the US, accused as it is of collecting data on US citizens in the interests of the Chinese Communist Party. Microsoft is in talks to acquire the company’s US operations.