A new report suggests that Meta is now tracking your browsing activity done using the custom in-app browser present on both Facebook and Instagram. Well, these browsers inject a javascript code into each website that you visit. This allows the parent company, Meta, to potentially track you across several websites. This issue was discovered by researcher Felix Krause. In an official blog post, he stated that, “The Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them [to] monitor all user interactions, like every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses, and credit card numbers,” If your primary smartphone runs on iOS then you might know that Apple allows users to opt-out of the app tracking done by Instagram and Facebook. Consequently, Felix Krause focused his research on iOS versions of Instagram and Facebook. In defense, a Meta spokesperson stated that the injected tracking code obeyed users preferences on ATT. He said, “The code allows us to aggregate user data before using it for targeted advertising or measurement purposes.” He further added that “We do not add any pixels. Code is injected so that we can aggregate conversion events from pixels. For purchases made through the in-app browser, we seek user consent to save payment information for the purposes of autofill.” Luckily WhatsApp (owned and operated by Meta) doesn’t modify third-party websites in a similar way. So if Meta wants they can implement similar features on Facebook and Instagram.
