Facebook’s Browser Tracks You Across Websites: What To Know

If you use Instagram and Facebook apps for iOS, you should know that their in-app browser allows Meta to track ‘every tap’ you make on external websites.

A researcher named Felix Krause says this type of tracking is risky for users, because it could let Facebook/Instagram/Meta track form inputs, including passwords and email addresses. According to Krause, Facebook and Instagram iOS apps use a loophole in Apple’s App Tracking Transparency (ATT) feature to track web activity in their browser. They do this using custom JavaScript code, where an in-app browser is launched once you click a link from a post or ad going to an external site.

Krause states that in-app browsers, no matter what company they come from, have a ton of privacy risks. This includes having companies collect browser analytics, copy-and-paste data, user credentials, etc. The researcher also mentions that while Instagram and Facebook do track data outside of those platform, they couldn’t prove exactly what data is being collected. Krause is also not accusing Meta of collecting data for nefarious purposes, but highlighting the fact that these types of code injections can be exploited to gain sensitive information.

The fact that the apps open their own browser also doesn’t mean that Facebook or Instagram can see everything you do online. If you want to protect yourself, consider opening links from the Meta-based companies using Safari’s browser instead. Since Safari blocks third party cookies by default, it might be a smarter privacy decision than using Meta’s browser outright.

Sign up to our mailing list to receive more IT related educational information: