For years, the data collection frenzy of IT groups big and small knew no bounds. But in recent years the situation has reversed. As more browsers advertise anti-tracking features, iPhone maker Apple last year ended unlimited spying on user activities across multiple apps with App Tracking Transparency.
But it’s quite different when using the built-in browser found on Instagram and Facebook. When you consult web pages through these applications, a code that follows all actions is injected, even the entry of your password. This sounds really worrying.
If you’re an iOS user and you open the link in the app for Instagram or Facebook in an in-app browser, you’re being watched closely. It was discovered by Felix Krause, a former Google technician. On his blog, he describes how the Facebook and Instagram applications’ in-app browsers inject their code into the web pages viewed.
Facebook is only interested in advertising
Using this code, Meta could theoretically track all user activity, including what they clicked or the ability to take a screenshot. In theory, the company could even read very sensitive data such as passwords or credit card numbers. All this without ever asking the consent of the users or operators of the respective websites.
Facebook claims that the tracking on the websites is meant only to collect data about users and serve personalized ads on that basis. Information such as credit card data will only be saved with the prior consent of the users, so that they can be more quickly inserted the next time they autocomplete. At least that’s the Facebook version.
This does not mean that the company Meta really and actively uses all these possibilities. It’s not easy to know what data Meta actually collects in this way. The company will use several levels of encryption and concealment to keep these activities secret.
In general, this is an attack
The software developer gave all this information to Meta on June 9. After a brief confirmation that this behavior could be repeated, the group went radio silent. So Krauss set a reasonable deadline for the company to take it public, but Meta also didn’t respond. This time is now over.
The request for meta:remove tracking is quite simple, as WhatsApp doesn’t have this behavior on the iPhone.