BY RT INTERNATIONAL
Meta apps inject a tracking code into websites when people are viewing them
Instagram and Facebook apps track what people do when browsing third-party websites without their consent, privacy researcher Felix Krause has warned.
Krause, a former Google engineer, wrote on a blogpost on Wednesday that the iOS app injects codes into every website shown and uses âa custom in-app browserâ instead of the built-in Safari to monitor usersâ activity.
The app does so âwithout the consent from the user, nor the website provider,â Krause wrote.
The researcher said that he could not determine the exact data Instagram is tracking but stressed that such in-app browsers allow everything a user does on a website to be tracked, including âevery tapâ and âscrolling behavior.â
He added that such browsers could be exploited to steal sensitive data, such as home addresses.
In a statement to The Guardian on Thursday, Instagramâs parent company Meta said that injecting a tracking code was in accordance with usersâ preferences on whether or not they allowed apps to follow them.
âWe intentionally developed this code to honor peopleâs [Ask to track] choices on our platforms,â a spokesperson said. âThe code allows us to aggregate user data before using it for targeted advertising or measurement purposes.â
The spokesperson added:Â âFor purchases made through the in-app browser, we seek user consent to save payment information for the purposes of autofill.â
In response to Metaâs statement, Krause argued that the practice still âexposes a big risk for the user,â and that âthere is no way to opt-out of the custom in-app browser.â
Commenting on its privacy white paper released last month, Meta said its goal was to âbalance privacy and integrity when using peopleâs data to reduce bad experiences with our technologies.â