iPhone Users, Be Careful Clicking Links On Facebook And Instagram

iOS privacy researcher Felix Krause found security holes in Facebook and Instagram. According to Krause, the two Meta apps on iOS can read links and see user interactions after a user taps an external link in Facebook or Instagram.

That way, the social media apps can see text options, typed input such as passwords, or users' credit card number details.

According to Krause, Facebook and Instagram on iOS use a dedicated browser available within the app, not the browser Apple offers for third-party apps.

By contrast, the majority of apps use the Safari browser to load websites when a user clicks a link within the app.

In those WebKit-based in-app browsers, Krause said, Instagram and Facebook embed a JavaScript tracking code named “Meta Pixel” into all displayed links and websites.

With that code, the social media company has free access to track user interactions without the need for specific approvals.

“This allows Instagram to monitor all interactions on external websites without the consent of the user or website provider,” Krause said as quoted by KompasTekno from MacRumors, Monday (15/8/2022).

“The Instagram app injects a tracking code into every website it displays, including when clicking on an ad, allowing them to monitor all user interactions, such as when each button and link is pressed, text options, screenshots, as well as any form input such as passwords, address and credit card number,” Krause said.
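For a website operator, one way to notice the script injection described above is to audit which script elements end up in the page when it is opened from one of these apps. This is an added example, not code from Krause or Meta; the User-Agent markers, the `shop.example` sample and all function names are assumptions, and it only sees scripts that are inserted as DOM elements.

```javascript
// Added example (not from the article): audit scripts a page did not ship.
// Assumption: these User-Agent markers are the ones commonly seen in the
// Facebook and Instagram iOS in-app browsers.
const IN_APP_MARKERS = [
  { app: "Facebook", pattern: /\bFBAN\/|\bFBAV\// },
  { app: "Instagram", pattern: /\bInstagram\b/ },
];
// Constructed sample: scripts found on a page served from shop.example.
const SAMPLE_SCRIPTS = [
  { src: "/static/app.js" },
  { src: "https://cdn.shop.example/lib.js" },
  { src: "https://tracker.invalid/pixel.js" },
  { text: "window.__injected = true;" },
];

// Returns the app name if the User-Agent looks like a Meta in-app browser.
function inAppBrowser(userAgent) {
  const hit = IN_APP_MARKERS.find((m) => m.pattern.test(userAgent || ""));
  return hit ? hit.app : null;
}

// Returns the scripts the site did not declare: external ones from origins
// outside the allowlist, and inline ones not in the site's known inline set.
function unexpectedScripts(scripts, pageUrl, allowedOrigins, knownInline = []) {
  const allowed = new Set([new URL(pageUrl).origin, ...allowedOrigins]);
  return scripts.filter((s) => {
    if (!s.src) return !knownInline.includes((s.text || "").trim());
    try {
      return !allowed.has(new URL(s.src, pageUrl).origin);
    } catch {
      return true; // unparsable src: treat as unexpected
    }
  });
}

// Browser wiring (hypothetical helper): check the scripts already in the
// DOM, then watch for script elements inserted later.
function auditPage(allowedOrigins, knownInline, report) {
  const check = (nodes) => {
    const found = unexpectedScripts(
      nodes.map((n) => ({ src: n.getAttribute("src"), text: n.textContent })),
      location.href, allowedOrigins, knownInline);
    if (found.length) report({ app: inAppBrowser(navigator.userAgent), found });
  };
  check([...document.scripts]);
  new MutationObserver((recs) => check(recs.flatMap((r) => [...r.addedNodes])
    .filter((n) => n.nodeName === "SCRIPT")))
    .observe(document.documentElement, { childList: true, subtree: true });
}
```

Code that the host app evaluates natively without adding a script element does not show up in this audit, so an empty report is not proof that nothing was injected.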

Meanwhile, according to Meta, the parent of Facebook and Instagram, the Meta Pixel code was created to track visitor activity on a website by monitoring all the events that the user performs in a custom-built browser.

However, there is no evidence to suggest that Meta actively collects user data from this practice.

“Did Facebook actually steal my passwords, addresses and credit card numbers? No! I don’t have any evidence and that’s what Instagram is tracking, but I wanted to show you what kind of data they can track without you knowing,” Krause said.

Despite the lack of evidence, this practice violates Apple’s App Tracking Transparency (ATT) policy, which requires all apps to seek user consent before tracking across apps and websites belonging to other companies.
