Facebook and Instagram are using a sneaky loophole to collect Apple iPhone users’ data, according to two new class action lawsuits filed against the social network’s parent company, Meta.
According to the lawsuits, Meta has been injecting javascript tracking code into websites that users visit via the in-app browsers in Facebook and Instagram for iOS, but without user permission.
In 2021, Apple rolled out its new privacy policy, called App Tracking Transparency (ATT), which requires app developers to ask users if their data can be tracked. As a result of Apple’s rule change, Big Tech companies have lost billions of dollars due to Apple’s privacy decision. Meta alone stands to lose $10 billion in 2022. Being able to track what internet users are doing online is a major revenue stream for businesses that rely on advertising for monetization. Apple and Meta have been trading jabs at one another over the app tracking issue ever since.
The allegations levied at Meta wouldn’t just implicate the company in breaking Apple’s policies, Meta could be breaking laws around the unauthorized collection of user data as well.
Tweet may have been deleted
(opens in a new tab)
In August, security researcher Felix Krause published a blog post titled “Instagram and Facebook can track anything you do on any website in their in-app browser,” and shared his discovery, along with what it meant.
“This allows Instagram to monitor everything happening on external websites, without the consent from the user, nor the website provider,” Kraus wrote.
In a tweet thread last month, Krause explained that he submitted the issue to Meta about 9 weeks before publishing his research but didn’t hear back. After his work went viral, Meta reached out to the researcher in mid-August claiming that “the system they built honors the user’s ATT choice.”
Tweet may have been deleted
(opens in a new tab)
Meta says the claims in the lawsuit are “without merit,” according to a statement the company provided to Bloomberg. Facebook and Instagram’s parent company maintains that it “designed its in-app browser to respect users’ privacy choices.”