Meta has developed a tracking system that bypasses the privacy protection put in place by Apple – as long as the user is registered on Facebook and/or Instagram.
When Meta was still called Facebook, the firm repeatedly engaged in incredibly intrusive tracking of its users. However, apparently, the firm has not given up on tracking its users as much as possible – including on the iPhone, when the privacy protection features are active.
Normally, third-party applications that integrate a web browser must use the WebKit component integrated into iOS. Browser specially designed to minimize tracking by third-party applications. Nevertheless, researcher Felix Krause realized that Facebook and Instagram actually use an in-house component instead of WebKit.
Felix Krause explains, quoted by WWCFTech: “the Instagram application injects their tracking code on each site that is displayed, even in the event of clicks on advertisements, which allows them to observe all the interactions of the user, including all the links and buttons they click on, what text they select, as well as taking screenshots, or even sucking up anything entered into forms, such as passwords, addresses, and credit card numbers”.
Fortunately, as Felix Krause notes, several safeguards limit intrusion into users’ privacy, even if this practice is in itself questionable. The Instagram and Facebook browser is only able to spy on what the user does when he clicks on a link or an advertisement from the firm’s applications.
Moreover, even though Felix Krause claims that Facebook and Instagram can suck your passwords and payment card numbers, there is no evidence that Meta is interested in this data. In fact, the biggest problem, in the end, is that Meta still plays on the sly of the explicit consent provided for by the GDPR as well as the systems put in place by companies like Apple to protect the privacy of users.