Facebook and Instagram apps can track users via their in-app browsers
“The Instagram application injects its monitoring code on each website that is shown, even by clicking on the ads, enabling them [to] monitor all user interactions, such as all buttons and links, text selections, captures of Screen, as well as any form input, such as passwords, addresses and credit card numbers, “Krause said in a blog post.
His research focused on the versions of iOS from Facebook and Instagram. That is key because Apple allows users to opt for the monitoring of the application when they open an application for the first time, through their transparency of applications monitoring (ATT) introduced in iOS 14.5. Goal has previously said that the characteristic was “a wind against our business 2022 … in the order of $ 10 billion.”
Meta said that the injected monitoring code obeyed user preferences in ATT.
“The code allows us to add user data before using them for specific advertising or measurement purposes,” a spokesman told The Guardian. “We do not add any pixels. The code is injected so that we can add the conversion events of the pixels. For purchases made through the browser in the application, we seek the user’s consent to save payment information for the purposes of the automatic approach,” .
According to Krause’s research, WhatsApp does not modify third -party websites similarly. As such, he suggests that goal must do the same with Facebook and Instagram, or simply use safari or other browser to open links. “It’s the best for the user and the right thing.” For more information, see the summary of his findings : here.