Built-in web browsers in apps like Facebook and Instagram continue to be based around Apple’s WebKit, and Meta has found a way to circumvent that privacy wall and track users, despite Apple’s App Tracking Transparency (ATT) feature enabled. Here is how this is being done.
Instagram Is Capable of Monitoring All User Interaction Every Time a Click Is Made
On iOS, Felix Krause found that both Facebook and Instagram use their own in-app browser instead of the one that Apple offers for third-party apps. Most third-party programs use Apple’s Safari browser for loading websites, but Facebook and Instagram take a different route, using their own in-app browser to load the same website. Since the custom-built browser is still based on WebKit as stated above, both social media apps were able to inject a JavaScript code codenamed ‘Metal Pixel’ into all links and websites.
Using the code, Meta can monitor all user interactions, and activities without their consent, according to the analysis. Worst of all, sensitive information is also made visible.
“The Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses, and credit card numbers.”
Meta states that Meta Pixel is designed to track visitor activity by monitoring everything a user does within their in-built browser. However, the report mentions some key pointers that should relieve users who are worried about their privacy.
“Can Instagram/Facebook read everything I do online? No! Instagram is only able to read and watch your online activities when you open a link or ad from within their apps.
Does Facebook actually steal my passwords, address and credit card numbers? No! I didn’t prove the exact data Instagram is tracking, but wanted to showcase the kind of data they could get without you knowing. As shown in the past, if it’s possible for a company to get access to data for free, without asking the user for permission, they will track it.”
With the practice still being done by Instagram and Facebook, it effectively violates Apple’s ATT, which clearly states that all apps must ask for user content before tracking them. It is unclear how Apple plans on tackling this new hurdle, but the custom tracker was developed with contingencies in mind, so we believe that for now, it will be an uphill battle for the iPhone maker.
The post Facebook, Instagram, Use a Custom Tracker Codenamed ‘Meta Pixel’ in Their Own Browser to Track Users’ Activity by Omar Sohail appeared first on Wccftech.
Powered by WPeMatico