Facebook users sue Meta, accusing company of iOS tracking via loophole • TechCrunch

Apple’s major iOS privacy update last year made it much harder for apps to track user behavior beyond their own borders, but a new lawsuit alleges the parent company of Facebook and Instagram’s Meta continued to spy on a workaround.

The complaint, filed in the U.S. District Court for the Northern District of California and embedded below, alleges that Meta evaded Apple’s new restrictions by monitoring users through Facebook’s in-app browser, which opens links in the app. The proposed class action lawsuit, first reported by Bloombergcould allow anyone concerned to log in, which in Facebook’s case could mean hundreds of millions of US users.

In the lawsuit, two Facebook users allege that Meta not only violates Apple’s policies, but also violates state and federal privacy laws, including the Wiretapping Act, which has made it illegal to interception of electronic communications without consent. Another similar lawsuit (Mitchell v. Meta Platforms Inc.) was filed last week.

The plaintiffs allege that Meta tracks users’ online activity by directing them to Facebook’s built-in web browser and injecting JavaScript into the sites they visit. This code allows the company to monitor “every interaction with external websites”, including where they type, and what passwords and other text they enter:

Now, even when users do not consent to being tracked, Meta tracks Facebook users’ online activity and communications with external third-party websites by injecting JavaScript code into those sites. When users click on a link in the Facebook app, Meta automatically directs them to the in-app browser it monitors instead of the smartphone’s default browser, without telling users that this is happening or that they are followed.

Apple introduced iOS 14.5 in April last year, dealing a blow to social media companies like Meta that relied on tracking user behavior for advertising purposes. The company cited iOS changes specifically in its winning calls as it prepared investors to adapt to the new normal for its ad targeting business, describing Apple’s privacy changes as a “headwind” that she should overcome.

In a statement emailed to TechCrunch, a spokesperson for Meta said the allegations were “without merit” and the company would defend itself “vigorously.” “We have carefully designed our in-app browser to respect users’ privacy choices, including how data may be used for advertisements,” the spokesperson said.

In the new iOS privacy prompt, Apple asks if a user consents to having their activity tracked “on other companies’ apps and websites.” Users who opt out can reasonably believe they are on an external web browser when they open links in Facebook or Instagram, although the company is likely claiming otherwise.

Felix Krause, security researcher surfaced regarding Facebook and Instagram’s in-app browsers last month and the trial draws heavily on his report. He urged Meta to send users to Safari or another external browser to close the loophole.

“Do what Meta is already doing with WhatsApp: stop modifying third-party websites and use Safari or SFSafariViewController for all third-party websites,” Krause wrote in a blog post. “It’s best for the user and the right thing to do.”

Comments are closed.