Apple’s Instagram and Facebook iOS apps feature in-app browsers that let parent firm Meta track “every single tap” users make with external websites viewed using the software, users of both are forewarned.
Developer, privacy researcher, and former Google engineer Felix Krause conducted the study by examining the iOS apps for both social media sites.
According to researcher Felix Krause, this kind of tracking exposes consumers to “different hazards.” He cautions that via their in-app browsers, both iOS versions of the apps can “monitor every single contact with external websites, from all form inputs like passwords and addresses to every single tap.”
With the introduction of iOS 14.5 in 2021 and the inclusion of a feature called App Tracking Transparency, Apple addressed the privacy concerns of iOS users (ATT). The additional feature was designed to make app developers obtain user permission before tracking data produced by third-party apps that are not their own before doing so.
According to Krause, the iOS apps Facebook and Instagram are both using a hack to get over ATT regulations and track website activity within their in-app browsers. This is done by using a proprietary JavaScript code that is present in both apps’ in-app browsers. This means that Meta launches its own in-app browser when an iOS Facebook or Instagram user clicks on a link within a Facebook or Instagram post (or an ad), allowing Meta to track what you do on other websites you visit.
When opening a link from Instagram, Facebook, or Messenger, Krause advises users who are concerned about their privacy to “be sure to click the dots in the corner to open the page in Safari instead.” He notes that Safari already by default disables third-party cookies.