Facebook, Instagram, use a custom tracker named “Meta Pixel” in their own browser to track user activity

Web browsers built into apps like Facebook and Instagram continue to be based on Apple’s WebKit, and Meta has found a way to bypass this privacy wall and track users, despite the App feature being enabled. Apple’s Tracking Transparency (ATT). Here’s how it’s done.

Instagram is able to monitor all user interactions every time a click is made

On iOS, Felix Krause found that Facebook and Instagram use their own in-app browser instead of the one offered by Apple for third-party apps. Most third-party programs use Apple’s Safari browser to load websites, but Facebook and Instagram take a different route, using their own in-app browser to load the same website. Since the custom browser is still based on WebKit, as shown above, both social media apps were able to inject JavaScript code named “Metal Pixel” into all links and websites.

By using the code, Meta can monitor all user interactions and activities without their consent, according to the analysis. Worse still, sensitive information is also made visible.

“The Instagram app injects its tracking code into every website viewed, including when you click on ads, allowing them to monitor all user interactions, like every button and link tapped, text selections, screenshots, as well as all form entries, such as passwords, addresses, and credit card numbers.”

Meta states that Meta Pixel is designed to track visitor activity by monitoring everything a user does in its built-in browser. However, the report mentions a few key pointers that should provide relief to privacy-conscious users.

Can Instagram/Facebook read everything I do online? Nope! Instagram can only read and watch your online activities when you open a link or advertisement from their apps.

Is Facebook Really Stealing My Passwords, Address, and Credit Card Numbers? Nope! I haven’t proven the exact data Instagram tracks, but I wanted to show what kind of data they might be getting without you knowing. As stated in the past, if it is possible for a company to access data for free, without asking the user’s permission, it will track it. »

Since the practice is still practiced by Instagram and Facebook, it effectively violates Apple’s ATT, which clearly states that all apps must request user content before tracking them. It’s unclear how Apple plans to tackle this new hurdle, but the custom tracker was developed with contingencies in mind, so we suspect that for now it will be an uphill battle for the iPhone maker.

Source of information: Felix Krause

Comments are closed.