The web browser integrated into the Facebook and Instagram applications allows Meta to track all your activities in the external links you visit.
Unlike most iOS apps, Facebook and Instagram don’t use Safari to display external links you click on. Instead, Meta has chosen to integrate an in-house web browser. And this is in no way due to chance. True to its reputation, the parent company of Facebook and Instagram has made this choice to be able to track all your activity on the web.
Felix Krause, the creator of Fastlane tools, an automation tool acquired by Google in 2017, analyzed the browser used by Meta. And the conclusions he made in a very technical post published on his site are chilling.
Because although Meta uses Webkit, Apple’s rendering engine, for the Web browser integrated into Facebook and Instagram, its operation is far from Apple’s standards. As soon as you open an external link from Facebook and Instagram, by tapping on a press article or an advertisement, the browser automatically injects a piece of JavaScript code to track you. Thanks to it, Meta can see, follow, and track all the actions you perform.
Be careful though, if this gives Meta the possibility to do so, it does not mean that the company collects all the data to exploit it.
“This allows Instagram to monitor everything that happens on external websites, without the consent of the user or the website provider. The Instagram app injects its JavaScript code into every website displayed, including when you click on ads. Even though pcm.js doesn’t (note: it’s the name of the JavaScript code used by Meta), injecting custom scripts into third-party websites allows them to monitor all user interactions, such as each button and typed link, text selections, screenshots, and all form entries, such as passwords, addresses, and credit card numbers. “Explains Felix Krause in his post.
Meta contradicts analytics
Of course, Meta immediately strongly contested the analysis carried out by Felix Krause. The firm explains that the injected script “allows the aggregation of events, that is to say the online purchase, before these events are used for targeted advertising and measurement for the Facebook platform. “. Meta has also made a point of specifying that “the injected script helps Meta to respect the choice of deactivating the ATT of the user (ndr: App Tracking Transparency, in other words the consent)”.
How can you limit the risk of being tracked by Facebook and Instagram as much as possible? In his post, Felix Krause delivers several tips that appeal to common sense. He thus suggests avoiding opening external links in applications, but favoring their opening in Safari. Facebook and Instagram both offer this option in principle. He also advises to no longer use the mobile applications of these two platforms, but to favor WebApps, opening them directly in Safari.
Source :
Felix Krause