Facebook and Instagram rewrite websites via in-app browser that can track ‘every single interaction’
Meta can ‘track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap’
Meta has been rewriting websites that Facebook and Instagram users visit to trace them across the internet, according to new research.
Users who click links inside Facebook or Instagram are taken to webpages in an “in-app browser”, rather than using Google Chrome or Safari.
This allows the company to monitor everything that happens on external websites without needing user consent or the consent of the website.
“This causes various risks for the user, with the host app being able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap”, wrote Felix Krause, a former Google engineer.
“I can’t say how the decisions were made internally. All I can say is that building your own in-app browser takes a non-trivial time to program and maintain, significantly more than just using the privacy and user-friendly alternative that’s already been built into the iPhone for the past 7 years.”
Mr Krause advises that users should use the ‘Open in Browser’ setting that most in-app browsers have. If that option is not available, they will have to copy and paste the URL into a separate browser. Using Facebook and Instagram on the web, rather than through their apps, also avoids these issues.
Smartphone companies have been implementing methods to block websites from tracking users around the web. In April last year Apple introduced iOS 14.5 with App Tracking Transparency, or ATT.
The feature forces developers to ask permission to see the unique identifier that had until recently been used to track phones and their users as they move between different apps.
Given that most users are unlikely to give explicit consent to tracking, the move has brought significant changes to advertising companies.
According to Meta CFO Dave Wehner, “the impact of iOS overall” cost Meta “on the order of $10 billion” in 2022.
In a statement, Meta said that injecting tracking code obeyed users’ preferences and was only used to aggregate data.
“We intentionally developed this code to honour people’s [Ask to track] choices on our platforms,” a spokesperson told The Guardian. “The code allows us to aggregate user data before using it for targeted advertising or measurement purposes. We do not add any pixels. Code is injected so that we can aggregate conversion events from pixels.”
“For purchases made through the in-app browser, we seek user consent to save payment information for the purposes of autofill.”