TikTok reportedly collected data that identified millions of individual Andriod devices for at least 15 months — a move that violated Google policy.

The practice allowed the video-sharing platform to track those users online, according to a new Wall Street Journal investigation. TikTok didn’t disclose the monitoring to the users or give them an option to opt-out, the paper found.

TikTok reportedly collected what are called MAC addresses from Androids for more than a year — up until a November 2019 app update.

Both Apple and Google app stores have for years banned the collection of the addresses, but TikTok was among 347 companies that found loopholes in the Google Play Store, the Journal reported. The addresses are typically harvested from gaming apps for targeted advertisements.

The investigation comes as the Chinese-owned TikTok faces mounting pressure regarding its data security and a Sept. 20 deadline via an executive order from President Trump to sell off its US operations to an American company.

Trump and his administration have raised red flags over TikTok’s Beijing-based parent company, ByteDance, fearing the app’s data could end up in the hands of the Chinese government.

TikTok has vowed that it would never turn over user data to the government and has argued that American companies like Facebook and Google collect more personal data from their users.

Companies like Twitter and Microsoft have reportedly expressed interest in acquiring TikTok’s US operations, but ByteDance’s CEO, Zhang Yiming, has called the forced timeline for a sale “unreasonable” as the company threatens legal action against Trump’s order.