Built-in web browsers in apps like Facebook and Instagram continue to be based around Apple’s WebKit, and Meta has found a way to circumvent that privacy wall and track users, despite Apple’s App Tracking Transparency (ATT) feature enabled. Here is how this is being done.
Instagram Is Capable of Monitoring All User Interaction Every Time a Click Is Made
Using the code, Meta can monitor all user interactions, and activities without their consent, according to the analysis. Worst of all, sensitive information is also made visible.
“The Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses, and credit card numbers.”
Meta states that Meta Pixel is designed to track visitor activity by monitoring everything a user does within their in-built browser. However, the report mentions some key pointers that should relieve users who are worried about their privacy.
“Can Instagram/Facebook read everything I do online? No! Instagram is only able to read and watch your online activities when you open a link or ad from within their apps.
Does Facebook actually steal my passwords, address and credit card numbers? No! I didn’t prove the exact data Instagram is tracking, but wanted to showcase the kind of data they could get without you knowing. As shown in the past, if it’s possible for a company to get access to data for free, without asking the user for permission, they will track it.”
With the practice still being done by Instagram and Facebook, it effectively violates Apple’s ATT, which clearly states that all apps must ask for user content before tracking them. It is unclear how Apple plans on tackling this new hurdle, but the custom tracker was developed with contingencies in mind, so we believe that for now, it will be an uphill battle for the iPhone maker.
News Source: Felix Krause