Analysis shows Instagram tracks user web activity via in-app browser

by admin
0 comment 2 views
Analysis shows Instagram tracks user web activity via in-app browser
Listen to this article

A new analysis from the Instagram app has suggested that every time a user clicks on a link within the app, Instagram changes all their interactions, text selections and even text inputs, such as passwords and private credits. Capable of monitoring card details within websites. App.

instagram feature 2
analyzed Felix Krauss found that both Instagram and Facebook on iOS use their respective in-app browsers, not the browsers offered by Apple for third-party apps. Most apps use Apple’s Safari to load websites, but Instagram and Facebook are using their own in-app browsers to load websites within the app.

With their custom-built browsers, still based on WebKit, Instagram and Facebook inject a tracking JavaScript code called a “meta pixel” into all the links and websites shown. With that code, Meta has complete freedom to track users’ interactions without their explicit consent, Krauss found.

This allows Instagram to monitor everything that happens on external websites without the consent of the user nor the website provider.

The Instagram app injects its tracking code into every website shown, including when ads are clicked, enabling them to monitor all user interactions, such as every button and link tapped, text selections, screenshots, as well as passwords. , any form inputs such as addresses, and credit card numbers.

As Krause points out, it takes a fair amount of effort for companies like Meta to develop and maintain their own in-app browser instead of using Apple’s built-in Safari. on its developer portal, meta claims The “Meta Pixel” is designed to “track visitor activity on your website” by monitoring all events that occur by the user in their custom-built browser. There is no evidence that Meta, which owns Instagram, actively collected user data that it was able to collect. As Krauss writes:

Does Facebook really steal my password, address and credit card number? No! I didn’t prove that Instagram is tracking accurate data, but I wanted to show the kind of data they could have gotten without you knowing. As shown in the past, if it is possible for a company to gain free access to data without asking the user for permission, they will track it.

However, this practice is a violation of Apple’s App Tracking Transparency (ATT) policy. ATT requires that all apps ask for user consent before tracking them on apps and websites owned by other companies.

Meta has repeatedly pushed back against Apple’s goal of giving users a choice of whether or not they wish to be tracked. In December 2020, Meta took out a full-page newspaper ad attacking Apple for the change. Krauss says he shared his findings with Meta, which responded that he “confirmed the issue” but has not responded since. Cross says he gave Meta two weeks’ notice before deciding to go public with his findings.

Related Posts

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More Would you like to receive notifications on latest updates? Later Yes