The move involved an unusually heavy layer of encryption, mobile phone security experts said, and went against Google's policies on how information can be tracked and stored, according to WSJ. TikTok did reportedly end this practice in November, however.
The identifiers in question, called media access control (MAC) addresses, are often used for advertising. Around 1 percent of Android apps collect MAC addresses, according to a 2018 study quoted by WSJ.
The MAC address is a 12-digit code that is a unique number found in any internet-ready electronics, including mobile phones. The addresses can be used in advertising because they are unable to be altered or reset, which allows third-party apps to use them to build consumer behavior profiles that weather any privacy measures except for the user getting a new phone entirely.
The new findings come as TikTok and its parent company, ByteDance, are under heavy scrutiny by multiple sources worldwide, including the White House. The White House's worry is that TikTok could use information for blackmail or espionage, building dossiers to use against important figures, WSJ reported.
TikTok's position is that it still collects less data than U.S. companies like Facebook or Google.
President Donald Trump is vehement about some action being taken against TikTok, according to Treasury Secretary Steven Mnuchin. Trump has said he intends to ban the app from operating on U.S. shores, and has prohibited U.S. companies from doing business with ByteDance after Sept. 15.