Facebook users sue Meta for allegedly building “secret workaround” to Apple privacy safeguards

Last week, two Facebook users filed a class-action complaint against Meta in San Francisco’s federal court, alleging the company built a “secret workaround” to Apple’s safeguards that protect iPhone users from tracking. Facebook circumvents Apple’s privacy rules by opening in-app browsers within its apps instead of the iPhone’s default browser. By doing this, the users further allege Meta violated state and federal laws regarding the unauthorized collection of personal data.

The suit came after Felix Krause (@KrauseFx), a data privacy researcher and former Google engineer, released a report in August 2022 about iOS privacy, featuring a tool he created himself called the InAppBrowser. It can check if an in-app browser injects JavaScript (JS) code, which could be problematic for iOS and Android users as this causes potential security and privacy risks to users.

In the case of Meta, this JS code is Meta Pixel.

“The iOS Instagram and Facebook app render all third party links and ads within their app using a custom in-app browser,” said Krause in his blog. “This causes various risks for the user, with the host app being able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap.”

Krause also included the following caveat: “Important: Just because an app injects JavaScript into external websites, doesn’t mean the app is doing anything malicious. There is no way for us to know the full details on what kind of data each in-app browser collects, or how or if the data is being transferred or used.”

In an email interview with Bloomberg, a spokesperson from Meta said that Krause’s allegations are “without merit” and it will defend itself.

“We have designed our in-app browser to respect users’ privacy choices, including how data may be used for ads,” the email statement said.

In February, Meta admitted that Apple’s App Tracking Transparency (ATT) feature would decrease its ad revenue by $10B. This admission, according to CNBC, is “the most concrete data point so far on the impact to the advertising industry” in terms of Apple’s privacy feature, which limits companies from accessing the data of iPhone users.

“This allows Meta to intercept, monitor, and record its users’ interactions and communications with third parties, providing data to Meta that it aggregates, analyzes, and uses to boost its advertising revenue,” the suit reads.

Facebook and Instagram weren’t the only apps mentioned in Krause’s report. TikTok, Snapchat, and Amazon were also mentioned.

https://blog.malwarebytes.com/feed/

Leave a Reply