Moneycontrol PRO
Open App
you are here: HomeNewsTechnology

Ex-Google engineer says Meta can track anything you do on iOS

The engineer said that Meta has been injecting code into its iOS Instagram and Facebook apps, letting them follow users around on the web

August 12, 2022 / 12:55 PM IST
Representative Image

Representative Image

A former Google engineer and privacy researcher, Felix Krause said that Meta could track anything its users do on iOS, by taking advantage of a loophole in Apple security.

He said that the iOS versions of Facebook and Instagram, take users who click on links in the apps to an "in-app browser" and not the user's browser of choice like Safari or Firefox.

This allows Meta to inject code into their apps, so when a user clicks on a link and is taken to the in-app browser, the company can then monitor their activity around the web.

"Links to external websites are rendered inside the Instagram app, instead of using the built-in Safari," said Krause in a blog post.

"This allows Instagram to monitor everything happening on external websites, without the consent from the user, nor the website provider," he added.


Krause said that the Instagram app, "injects their JavaScript code," into any website that user opens in the in-app browser. This includes clicking on ads or banners.

"Injecting custom scripts into third party websites allows them to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers," said Krause.

In a statement shared with The Guardian, Meta said that they had "intentionally developed this code" to account for user choice on the platform. The company said that it completely respects the users consent to tracking choices on its platforms.

“The code allows us to aggregate user data before using it for targeted advertising or measurement purposes. We do not add any pixels. Code is injected so that we can aggregate conversion events from pixels," said a spokesperson for Meta, in a statement.

Regarding tracking a users purchasing habits, Meta added that, “For purchases made through the in-app browser, we seek user consent to save payment information for the purposes of autofill.”

Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

Moneycontrol News
first published: Aug 12, 2022 12:55 pm
ISO 27001 - BSI Assurance Mark