Meta caught in the act

A developer has made a strange discovery in the Facebook and Instagram iOS applications regarding the use of personal data.

If you regularly use Facebook and Instagram on iPhone, Meta further monitors your data on these devices. At least that’s what seems to say Felix Krause, the famous founder of Fastlane, the open source tool facilitating the development of applications on iOS and Android. You might have noticed it already, but Meta social media on iPhone has its own built-in web browser..

Thus, by clicking on an external link, it opens directly from the application you are using, without having to use Safari or any other browser. Practical, no? But unsurprisingly, behind this easy tool hide much less nice features. For the firm of Mark Zuckerberg, all means are good to collect data, and this mini browser is no exception to the rule

A not so secret code

By analyzing Meta’s iOS applications, Felix Krause quickly realized that the integrated browser had its little peculiarity. Although built from Apple’s Webkit, the built-in tool is not on the same page as Apple when it comes to security and privacy. With each click on an external link, Meta injects a small JavaScript code that will cling to your data like a mussel to its rock.

Users then find themselves followed throughout their digital journey via this browser. Addresses visited, actions performed, Meta tracks and monitors the smallest actions and gestures, without anyone knowing anything about it. It is impossible to know what the company does with the data obtained and there is no guarantee that it will even be used. However, Felix Krause details on his site the process of collection and the data concerned, and as much to say that Big Brother gives himself to heart joy:

This allows Instagram to monitor everything that happens on external websites, without the consent of the user or the website provider. The Instagram app injects its JavaScript code into every website displayed, including when you click on ads. Even if the JavaScript code used by Meta does not, injecting custom scripts into third-party websites allows them to monitor all user interactions, such as every button and link typed, text selections, screenshots screen, as well as all form entries, such as passwords, addresses, and credit card numbers.”

Monitoring for a personalized experience

Following these allegations, Meta hastened to respond to clarify the situation. According to the social media giant, this monitoring is for the simple purpose of improving the user experience. The script set up then allows “aggregate events, i.e. online purchase, before those events are used for targeted advertising” explains the group.

As usual, the use of personal data is justified by the need to offer content tailored to each user. But isn’t the price to pay for personalized content too high at a time when each of our actions is subject to almost permanent tracking? “We intentionally developed this code to honor users’ choices for transparency in app tracking on our platforms.” said a spokesperson for Meta to our colleagues at 01net.

To counter this surveillance, Felix Krause advises iOS device users to prioritize using Safari to visit external links. According to the developer, a seasoned user should even consider visiting Meta’s social networks directly through their web versions to avoid any tracking slipped into apps. Changing your habits and avoiding the easy would therefore be the keys to protecting your data, but these are not easy resolutions to undertake when we are always more connected…

Leave a Comment