A researcher noticed Facebook tracking users’ activities on iOS devices when using the in-app browser feature. Users should avoid using in-app browsing and open links via the Safari browser instead to prevent such tracking.
Facebook In-App Browser Tracking On iOS
Sharing the details in a recent post, the researcher Felix Krause revealed Facebook and Instagram keep tracking iOS users’ activities during in-app browsing.
This tracking occurs via both Instagram and Facebook apps where third-party JavaScript commands are executed when opening third-party links and ads via the apps. Though opening links via the app is optional, it is applied as a default feature. Hence, while a user can always choose to open the links via the web browser, it’s likely that the user may inadvertently proceed to use the in-app browsing feature.
With in-app browsing, the researchers observed Facebook and Instagram apps inject an external JavaScript file pcm.js to every website or ad the user browses. This file allows the Meta apps to read and log users’ precise activities.
While the researcher doesn’t precisely demonstrate the exact type of data being logged, Krause suspects that it may include users’ clicks on various links, screenshots taken, and form inputs, including passwords. (It doesn’t mean that Meta is spying on the users. Instead, the researcher merely explained that possibilities such tracking may allow –with the results depending upon the firm’s intentions.)
Meta’s Response To The Research
Following Krause’s research, Meta clarified that tracking helps the firm in analytics. As stated in his post,
The script that gets injected… [is] the pcm.js script, which, according to Meta, helps aggregate events, i.e. online purchase, before those events are used for targeted advertising and measurement for the Facebook platform.
Furthermore, Meta explained that they respect Apple’s App Tracking Transparency (ATT) rules, giving the users a choice to opt out.
However, the researcher elaborated that this opt-out feature is only viable for websites with Meta Pixel.
Therefore, for iOS users wanting complete privacy against this tracking, the researcher recommends using the web browser for opening links or ads. Since Safari already blocks third-party cookies, users don’t have to worry about web tracking.