Facebook sued for allegedly spying on users via in-app web browser

News
By
published

Facebook and Instagram browser sneakily gathers data, lawsuit says

Facebook on laptop
(Image credit: Luca Sammarco/Pexels)

Meta is being sued for allegedly gathering personally identifiable information (PII) on its Facebook and Instagram users without telling them. 

As per the lawsuit, the problem lies in how the company's Facebook and Instagram platforms handle internet links on an iOS device. Both apps have their own embedded internet browsers, the WKWebView, which render the pages when a user clicks on a link (as opposed to opening the links in, say, Safari, or Chrome).

On the user’s side, clicking a link would make it seem as if the app opened the page, rather than as if it was opened in a separate app. However, the plaintiffs say that the browser also injects JavaScript code that gathers data - something other browsers wouldn’t be able to do.

Personally identifiable information

"When users click on a link within the Facebook app, Meta automatically directs them to the in-app browser it is monitoring instead of the smartphone’s default browser, without telling users that this is happening or they are being tracked," the lawsuit says.

"The user information Meta intercepts, monitors and records includes personally identifiable information, private health details, text entries, and other sensitive confidential facts."

The case was boosted by previous findings from cybersecurity researcher Felix Krause, who raised the issue in August 2022.

When Krause published his findings, Meta responded by saying the code injection was done to respect user privacy choices.

"We intentionally developed this code to honor people's App Tracking Transparency (ATT) choices on our platforms," a Meta spokesperson told The Register. "The code allows us to aggregate data before it is used for targeted advertising or measurement purposes."

Read more

> How do social media in-app browsers affect your online privacy?

> Mozilla wants to show just how much Meta and Facebook tracks you

> Check out the best proxies right now

The plaintiffs, Gabriele Willis and Kerreisha Davis, do not dispute Apple’s data gathering practices, just the fact that it kept quiet about it. 

"Meta fails to disclose the consequences of browsing, navigating, and communicating with third-party websites from within Facebook’s in-app browser – namely, that doing so overrides their default browser’s privacy settings, which users rely on to block and prevent tracking," it says in the complaint. 

"Similarly, Meta conceals the fact that it injects JavaScript that alters external third-party websites so that it can intercept, track, and record data that it otherwise could not access."

The company rejected the claims, with a spokesperson saying: “These allegations are without merit and we will defend ourselves vigorously."

"We have carefully designed our in-app browser to respect users' privacy choices, including how data may be used for ads."

Via: The Register

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

More about software services
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.

Gmail vs Outlook for business: which email system is right for your organization?

Windows 11 Start menu layout choices: Grid view

Windows 11 vs Linux for business: which operating system should you embrace?
Kensington SD5000T5 EQ

I reviewed the Kensington SD5000T5 EQ and this docking station has all the Thunderbolt 5 ports you'll ever need
See more latest