TikTok, the Chinese-owned video app has collected data from Android devices for at least a year in direct violation of Google’s policies, according to the Wall Street Journal  reports on Tuesday.

According to the Wall Street Journal, an analysis of numerous versions of TikTok found that the app used a technical loophole to collect MAC addresses from Android devices in the 15 months ending in November 2019, apparently in violation of Google policy.

The Journal analysis found that TikTok has used a widely known, unpatched security hole to acquire MAC addresses on Android without disclosure or any ability for users to opt out. TikTok then, bundled it with other data like an advertising ID, potentially violating Google policies prohibiting apps from connecting ad IDs to any persistent identifier (known as ID bridging) without the “explicit consent of the user.” 

Collecting addresses and related data has been banned on Apple and Google for years. But many companies were able to bypass Google’s security measures in place by identifying a loophole. TikTok was among 347 companies who collected such data without user permission.

US President Donald Trump aims to ban American companies from doing business with TikTok’s parent company, ByteDance, which would effectively halt its US operations.