As new research on social media in-browsers shows, there are hidden web trackers that even the best VPN services can’t prevent.
Felix Krause, a former Google engineer, reported (opens in a new tab) that people who open web pages directly from their Facebook and Instagram app could put their personal information at risk. Indeed, Meta seems to inject additional lines of code on websites to better track users’ online activities.
“Even though the injected script currently does not, running custom scripts on third-party websites allows them to monitor all user interactions, such as every button and link typed, text selections, screenshots , along with all form inputs, like passwords, addresses, and credit card numbers,” he said.
Additionally, the TikTok iOS app has been shown to be able to “subscribe” to all keyboard inputs. This means that it can potentially monitor whatever you click on your screen while using the app.
💥 New post: Instagram and Facebook track everything you do on any website in their in-app browserhttps://t.co/dj5CMJUwHc pic.twitter.com/LvWXGa34N2August 10, 2022
Meta and TikTok responded quickly to such allegations.
Although it did not reveal the practice to its users in advance, Meta said that the injected script helps Meta respect the user’s ATT. [App Tracking Transparency] withdrawal choice.
“The code allows us to aggregate user data before using it for targeted advertising or measurement purposes. We do not add any pixels. The code is injected so we can aggregate conversion events from pixels,” a spokesperson for Meta told The Guardian. (opens in a new tab).
Since it has the potential to allow manipulation of websites or other web applications, it is usually used by hackers or other malicious actors to send cyber attacks. Like malware injection, these attacks aim to collect sensitive user data.
As Krause explains in his blog posts, this practice allows both Meta and TikTok to track users’ activities after they leave the social media app: from the page they visit to what they type on the device keyboard and the screenshot they take.
What is certain is that Meta, for example, saw a record drop in daily users and a 26% drop in the company’s share price (opens in a new tab) This year. The latter came after Apple introduced a stricter policy against cross-host tracking. This means app developers now need to request permission to track users in apps.
Krause also pointed out that Safari, Google Chrome, and Firefox have all revamped their third-party cookie policies lately.
How to protect yourself from in-app browser tracking
Whether or not social media developers use in-app browser links to improve their control over users, there are several ways to simply avoid this practice.
1. Open the URL directly on the browser
2. Use the web version of the social media app
As social networks also have a web version of their apps, you can consider using that instead of the mobile app to escape the dangers of in-app browser pages.
3. Check what kind of information your apps keep about you
If you’re worried about your general online privacy, you can also use additional security software to protect your sensitive information.
You can replace your data-intensive Google Chrome with one of the more secure browsers, for example. You should also consider securing your overall anonymity online with a secure VPN service.
One of the best cheap VPN services, Surfshark, even offers a comprehensive security package that includes four cybersecurity tools with one subscription. Surfshark One comes with its own vpna data leak detection systema private search engine and anti-virus Software.