If you’d rather not completely follow his actions by apps like Instagram or Facebook, it’s best not to click on links in those apps. This says a former Google developer in a report.
According to Felix Krause, a former Google employee and founder of automation company Fastlane, many apps inject their own Javascript code into websites they show you in the app’s browser. This way apps can do this and track you completely, even if you turn this tracking off in your own browser, he notes a report.
Krause gives the example of Instagram or Facebook, both of which are part of the Meta. If you click on a link inside an iOS or Android app, it won’t open in your standard browser (like Safari on iOS), but in a version with more meta control. This in-app browser will first check if there is already a tracker from the advertising organization IAB on the site, and if not, the browser itself injects a Meta Pixel (a tracker from Meta, which the company used before. I already got into trouble). This tool forwards data to the tech giant, though Krause says he can’t figure out what data is being forwarded.
Get rid of cookies
The report comes amid a broader trend towards less tracking than the browsers themselves. Firefox and Safari have been blocking third-party cookies for some time, iOS has general protection against tracking cookies, and Google Chrome is also working on a system to replace site trackers like Facebook (although the question here is whether Chrome has parental tracking). a company). Google will address). Meta, which does not run the same browsers or operating systems, will still be able to circumvent these various cross-browser actions within the app.
Krause states that he reported the “bug” to the Meta Bug Bounty program, and that they can reproduce it. However, after a few weeks of silence, Meta hasn’t made any changes yet, he says, so he will publish his findings. Commenting on the publication of its report, Meta reports that the script they inject is not a Meta Pixel script, but is supposed to facilitate online services such as payments. If you want to avoid the script, it is better to just open the link in Instagram, Facebook or other apps via your secure browser (Safari, Brave, Firefox), rather than clicking on the app itself.
According to Felix Krause, a former Google employee and founder of automation company Fastlane, many apps inject their own Javascript code into websites they show you in the app’s browser. That way, apps can do so and track you entirely, even if you’ve turned off tracking in your browser, he notes in a report. Krause gives the example of Instagram or Facebook, both of which are part of the Meta. If you click on a link inside an iOS or Android app, it won’t open in your standard browser (like Safari on iOS), but in a version with more meta control. This in-app browser will first check if there is already a tracker from the advertising organization IAB on the site, and if not, the browser itself injects a Meta Pixel (a tracker from Meta, which the company used before. I already got into trouble). This tool forwards data to the tech giant, though Krause says he can’t figure out what data is being forwarded. The report comes amid a broader trend towards less tracking than the browsers themselves. Firefox and Safari have been blocking third-party cookies for some time, iOS has general protection against tracking cookies, and Google Chrome is also working on a system to replace site trackers like Facebook (although the question here is whether Chrome has parental tracking). a company). Google will address). Meta, which does not run the same browsers or operating systems, will still be able to circumvent these various cross-browser actions within the app. Krause states that he reported the “bug” to the Meta Bug Bounty program, and that they can reproduce it. However, after a few weeks of silence, Meta hasn’t made any changes yet, he says, so he will publish his findings. Commenting on the publication of its report, Meta reports that the script they inject is not a Meta Pixel script, but is supposed to facilitate online services such as payments. If you want to avoid the script, it is better to just open the link in Instagram, Facebook or other apps via your secure browser (Safari, Brave, Firefox), rather than clicking on the app itself.
