As per a new study conducted by an ex-Google engineer, Meta, the owner of Instagram and Facebook, has been recently working on rewriting websites its users visit, which let the company follow them across the web after clicking on links displayed on the app.
Both these apps have been into taking advantage of the fact that users who click on the links are directed to the webpages in an “in-app browser,” which is administered by Instagram or Facebook. Instead of directing the user to a browser of their selections like Firefox or Safari.
Felix Krause, a privacy researcher who founded an app development tool acquired by Google in 2017, said that the Instagram app added its tracking code to every other website shown, which also includes allowing the platform to control all user interactions, such as monitoring every tapped link and button, clicking on ads, screenshots, text selections, along with any input by a user, including credit card numbers, addresses, and even passwords.
According to a statement issued by Meta, an injection of a tracking code that follows preferences given by users on whether or not they granted permission to apps to follow users. Meta also stated that this tracking code was only aimed at accumulating data before it applied to targeted advertising or measurement purposes for mainly those users who selected the option of such tracking.
A spokesperson said that the only objective behind developing this tracking code is to respect its users’ preferences by asking them for consent to track. The code gives the platform permission to amass user data before the data is being used intended for targeted advertising. The platform does not add any pixels to it. The reason behind injecting code is to collect conversion events from pixels.
They further added that the platform asks the user for permission if the user made any purchase using the in-app browser to save information related to payment aiming to autofill.
Krause was the one who discovered the injection of a tracking code by building a tool that may contain a list of all additional commands that are added to a website by the browser. For most apps and standard browsers, the tool doesn’t find any changes, but on the other hand, if it comes to Instagram and Facebook, the tool successfully finds code of up to 18 lines by the app. Those code lines detected by the tool appear on the screen for scanning a specific cross-platform tracking kit, but if not installed on the device, then rather call the Meta pixel. Meta Pixel is a tool that grants permission to the platform to follow the user browsing around the web and create an exact profile of their preference.
As per Krause’s study, the platform does not reveal the way to the user, in which it rewrites web pages according to the users’ interests. No such tracking code is added to the in-app browser of WhatsApp.