Meta Bypassed Apple’s Anti-Tracking Protections on iOS

Danny Chadwick

Review Geek


Meta Bypassed Apple’s Anti-Tracking Protections on iOS

When Apple introduced its App Tracking Transparency system in 2020, Facebook (now Meta) took a hard line against it, claiming it would hurt the world’s largest social media platforms and small businesses that rely on tracking data to make money.

Now, it seems that Meta properties have found a way around Apple’s anti-tracking regime. Engadget reports that researcher Felix Krause uncovered Meta’s secret javascript code that allows the Instagram and Facebook apps to track sensitive information via in-app browsers.

That means that if you open a website in the Facebook or Instagram apps on your iPhone, Meta can track where you’re activity across websites and potentially even other Meta apps. The tracking code could even collect sensitive information like passwords, payment information, and screenshots.

The key to this tracking is javascript code Meta apps inject into websites visited through their in-app browsers. iOS versions of Facebook and Instagram use custom browsers to visit websites rather than launching apps like Safari and Firefox. Were Meta apps to use third-party browsers, they could not inject tracking codes into user-visited websites.

Meta claims these tracking codes follow the tracking preferences of iOS users. A company spokesperson told The Guardian, “We intentionally developed this code to honour people’s choices on our platforms.”

Continue Reading

Loading data