Facebook and Instagram apps can track users via their in-app browsers




 

If you visit a website you see on Facebook and Instagram, you've likely noticed that you're not redirected to your browser of choice but rather a custom in-app browser. It turns out that those browsers inject javascript code into each website visited, allowing parent Meta to potentially track you across websites, researcher Felix Krause has discovered.

"The Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them [to] monitor all user interactions, like every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers," Krause said in a blog post.

His research focused on the iOS versions of Facebook and Instagram. That's key because Apple allows users to opt in or out of app tracking when they first open an app, via its App Tracking Transparency (ATT) introduced in iOS 14.5. Meta has previously said that the feature was "a headwind on our business 2022... on the order of $10 billion."

Meta said that the injected tracking code obeyed users preferences on ATT. "The code allows us to aggregate user data before using it for targeted advertising or measurement purposes," a spokesperson told The Guardian. "We do not add any pixels. Code is injected so that we can aggregate conversion events from pixels. For purchases made through the in-app browser, we seek user consent to save payment information for the purposes of autofill."

Krause noted that Facebook isn't necessarily using the javascript injection to collect sensitive data. However, if the apps opened a users' preferred browser like Safari or Firefox, there would be no way to do a similar javascript injection on any secure site. By contrast, the approach used by the Instagram and Facebook in-app browsers "works for any website, no matter whether it's encrypted or not," he said.

According to Krause's research, WhatsApp doesn't modify third-party websites in a similar way. As such, he suggests that Meta should do the same with Facebook and Instagram, or just use Safari or another browser to open links. "It's what's best for the user, and the right thing to do." For more, check out the summary of his findings here.

COMMENTS

More Related News

Taiwan couple feeds all their wedding guests with $800 worth of Costco food
Taiwan couple feeds all their wedding guests with $800 worth of Costco food

A Taiwanese couple's outdoor wedding banquet that was supplied solely with Costco food has gone viral on social media. The bride posted photos of their...

Senior citizens tour bus on Cape Cod chased by officer who thinks they
Senior citizens tour bus on Cape Cod chased by officer who thinks they're migrants sent by DeSantis

A tour bus of senior citizens on Cape Cod was tailed by a National Guard officer who thought they were migrants sent by Florida Gov. Ron DeSantis.

'He thought there were migrants on the bus': Guard officer pursues, confronts senior citizens

A tour bus bringing senior citizens from Memphis, Tennessee, to Cape Cod was tailed by an Army National Guard officer, police said.

Montana Woman Brags About Slaughtering Siberian Husky She Thought Was a Wolf
Montana Woman Brags About Slaughtering Siberian Husky She Thought Was a Wolf

Amber Rose/FacebookA Montana woman is under investigation after she bragged in a series of photos posted to Facebook that she'd shot a Siberian Husky...

Facebook busts Chinese influence network targeting Americans on abortion and guns ahead of midterms
Facebook busts Chinese influence network targeting Americans on abortion and guns ahead of midterms

Meta removed a Chinese influence network seeking to deepen divides on raw issues like abortion and guns and over politicians like Biden and DeSantis.

Leave a Comment

Your email address will not be published. Required fields are marked with *

Cancel reply

Comments

Top News: Economy