Code injection from Meta in the in-app browser

Surely you have tried to open a link that interests you through Facebook or . You will have already noticed that the link does not open in the browser you are using, but within the Facebook or Instagram application.

So because the liar and the thief in the first year rejoice, we have news.

Meta, the owner of Facebook and Instagram, rewrites every web page its users visit, helping the company track them around the web, according to new research from a former Google engineer. The Guardian reports:

cinnamon

The apps take advantage of the fact that users who click on links are taken to web pages in an "in-app browser", controlled by Facebook or Instagram, rather than being sent to the user's browser, such as Safari or Firefox.

“The Instagram app inserts a tracking code on every website it displays, even when you click on ads, allowing them to track all user interactions, including every button and link clicked, text selections, screenshots, as well as any form input such as codes addresses and credit card numbers," says Felix Krause, a privacy researcher who built an app development tool that Google bought in 2017.

Krause discovered the code κατασκευάζοντας ένα νέο εργαλείο που μπορούσε να απαριθμήσει όλες τις επιπλέον εντολές που προστέθηκαν σε έναν ιστότοπο από το πρόγραμμα περιήγησης. Στα κανονικά προγράμματα περιήγησης και τις περισσότερες εφαρμογές, το εργαλείο δεν εντοπίζει αλλαγές, αλλά στο Facebook και το Instagram βρίσκει έως και 18 γραμμές κώδικα που προστίθενται από την εφαρμογή.

These lines of code appear to scan for a specific cross-platform tracking kit and, if it's not installed, call the Meta Pixel, a tracking tool that allows the company to follow a user around the web and build an accurate profile of their interests.

The company does not disclose to the user that it rewrites the web pages it opens in this way. It should be noted that no such tracking code was found in WhatsApp's in-app browser, according to Krause's research, and that it's unclear when Facebook began inserting code to track users who clicked on links.

Of course the response from Meta tried to downplay the fact

"We have deliberately created this code," said Mrς της Meta στον Guardian. “Ο κώδικας μας επιτρέπει να συγκεντρώνουμε δεδομένα χρήστη πριν τον χρησιμοποιήσουμε για στοχευμένους σκοπούς διαφήμισης ή μετρήσεων. Δεν προσθέτουμε pixel. Ο κώδικας εισάγεται έτσι ώστε να μπορούμε να συγκεντρώνουμε συμβάντα μετατροπής από pixel.”

"For in-app browser purchases, we ask for user consent to store payment information for autofill purposes."

Read more technical details

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.
Code injection, meta, iguru

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).