Facebook sued for allegedly spying on users through an in-app web browser


Meta is being sued for allegedly collecting personally identifiable information (PII) from its Facebook and Instagram users without telling them.

According to the lawsuit, the problem lies in how the company’s Facebook and Instagram platforms handle internet links on an iOS device. Both apps have their own built-in internet browsers (opens in a new tab)the WKWebView, which displays pages when a user clicks on a link (as opposed to opening links in, say, Safari or Chrome).

From the user’s side, clicking a link would make the application appear to open the page, rather than as if it were open in a separate application. However, the plaintiffs claim that the browser also injects JavaScript code that collects data, which other browsers could not do.

Personally identifiable information

“When users click on a link in the Facebook app, Meta automatically directs them to the in-app browser it monitors instead of the smartphone’s default browser, without telling users that this is happening or that they are tracked,” the lawsuit states.

“User information that Meta intercepts, monitors and records includes personally identifiable information, private health details, text entries and other sensitive confidential facts.”

The case was bolstered by previous findings from cybersecurity researcher Felix Krause, who raised the issue in August 2022.

When Krause published his findings, Meta responded by saying the code injection was done to respect user privacy. (opens in a new tab) choices.

“We intentionally developed this code to honor users’ choices for application tracking (ATT) transparency on our platforms,” ​​a Meta spokesperson said. The register. “The code allows us to aggregate the data before it is used for targeted advertising or measurement purposes.”

The plaintiffs, Gabriele Willis and Kerreisha Davis, are not challenging Apple’s data collection practices, just the fact that it has remained silent about it.

“Meta does not disclose the consequences of browsing, browsing and communicating with third-party websites from Facebook’s in-app browser, namely that it overrides their default browser privacy settings, which users rely on to block and prevent tracking,” the complaint reads.

“Similarly, Meta conceals the fact that it injects JavaScript that modifies external third-party websites so that it can intercept, track, and log data it could not otherwise access.”

The company dismissed the allegations, with a spokesperson saying, “These allegations are without merit and we will vigorously defend ourselves.”

“We have carefully designed our in-app browser to respect users’ privacy choices, including how data may be used for advertisements.”

  • These are the best VPNs (opens in a new tab) around

Going through: The register (opens in a new tab)


Comments are closed.