iPhone: how Meta secretly tracks Facebook and Instagram users

Meta has developed a tracking system that bypasses the privacy protection put in place by Apple – as long as the user is registered on Facebook and/or Instagram.

When Meta was still called Facebook, the firm repeatedly engaged in incredibly intrusive tracking of its users. However, apparently, the firm has not given up on tracking its users as much as possible – including on the iPhone, when the privacy protection features are active.

Normally, third-party applications that integrate a web browser must use the WebKit component integrated into iOS. Browser specially designed to minimize tracking by third-party applications. Nevertheless, researcher Felix Krause realized that Facebook and Instagram actually use an in-house component instead of WebKit.

Meta flouts both GDPR explicit consent and Apple’s privacy policy

However, the behavior of the integrated browser raises questions. If you use it to browse the internet, for example after clicking on a link on Instagram or Facebook, everything you do is systematically transmitted to Meta. A JavaScript tracking code called “Meta Pixel” is indeed injected into all the pages visited via this browser.

Felix Krause explains, quoted by WWCFTech: “the Instagram application injects their tracking code on each site that is displayed, even in the event of clicks on advertisements, which allows them to observe all the interactions of the user, including all the links and buttons they click on, what text they select, as well as taking screenshots, or even sucking up anything entered into forms, such as passwords, addresses, and credit card numbers”.

Fortunately, as Felix Krause notes, several safeguards limit intrusion into users’ privacy, even if this practice is in itself questionable. The Instagram and Facebook browser is only able to spy on what the user does when he clicks on a link or an advertisement from the firm’s applications.

Moreover, even though Felix Krause claims that Facebook and Instagram can suck your passwords and payment card numbers, there is no evidence that Meta is interested in this data. In fact, the biggest problem, in the end, is that Meta still plays on the sly of the explicit consent provided for by the GDPR as well as the systems put in place by companies like Apple to protect the privacy of users.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s