Meta has been sued for allegedly collecting personally identifiable information (PII) about its Facebook and Instagram users without notifying them.
According to the lawsuit, the problem is how Facebook and Instagram’s platforms handle Internet links on an iOS device. Both programs have their own built-in Internet browsers (opens in a new tab)A WKWebView that displays pages when the user clicks on a link (as opposed to opening links in, say, Safari or Chrome).
When the user clicks on the link, it will appear that the page is being opened by the program, rather than in a separate program. However, the plaintiffs say the browser also injects JavaScript code that collects data — something other browsers wouldn’t be able to do.
Personal information
“When users click on a link in the Facebook app, Meta automatically directs them to an in-app browser that it controls, rather than the default smartphone browser, without informing users that this is happening or that they are being tracked,” the lawsuit says.
“The user information that Meta intercepts, monitors, and records includes personal information, personal health information, text records, and other sensitive confidential facts.”
The case was supported by preliminary findings from cybersecurity researcher Felix Krause, who raised the issue in August 2022.
When Krause published his findings, Meta responded that the introduction of the code was done out of respect for the user confidentiality (opens in a new tab) elections.
“We intentionally designed this code to honor people’s choice of App Tracking Transparency (ATT) on our platforms,” ​​said a Meta spokesperson Register. “The code allows us to aggregate data before it is used for targeted advertising or measurement.”
The plaintiffs, Gabrielle Willis and Kerisha Davis, aren’t challenging Apple’s data collection practices, just the fact that it was silent about them.
“Meta fails to disclose the implications of browsing, navigating, and connecting to third-party websites from Facebook’s internal browser, namely that it overrides the default browser privacy settings that users rely on to block and prevent tracking,” the complaint said.
“Similarly, Meta hides the fact that it injects JavaScript that modifies external third-party websites so that it can intercept, track, and record data that it could not otherwise access.”
The company denied the claims, with a spokesperson saying: “These allegations are baseless and we will defend ourselves vigorously.”
“We’ve carefully designed our in-app browser to respect users’ privacy choices, including how data may be used for advertising.”
- This the best VPNs (opens in a new tab) around
Via: Register (opens in a new tab)
https://www.techradar.com/news/facebook-sued-for-allegedly-spying-on-users-via-in-app-web-browser/
