Facebook and Instagram’s built-in browsers can track user activity, report says

13 Aug. (Portaltic/EP) –

The applications of Facebook and Instagram, owned by Meta, they have the ability to monitor and record a large part of user activity through the browsers integrated into both platforms.

Integrated browsers are those available on these social networks that are integrated into store or service profiles and that allow you to open links to websites without having to leave the application.

In this way, these applications can have access to all the movements made by users and find out what their tastes or needs are, depending on the type of browsing they do on these websites.

Recently the researcher and developer of the Fastlane platform, Felix Kraus, has published a report in which he warns of the impact that these browsers have on the privacy of users and has set the example of this with the owners of iOS devices.

As pointed out in this report, the Instagram and Facebook applications for the Apple operating system have a personalized browser that allows you to visit third-party links and ads, instead of using the browser of Safari integrated.

As the researcher points out, this practice implemented by Meta generates various risks for users, since it allows that applications with these types of restrictions can track user interactions on third-party websites.

In this way, these applications can have access to sensitive information, such as passwords, credit card numbers or addresses entered, as well as screenshots and text selections.

In this regard, the analysis highlights that Instagram’s built-in browser is capable of auto-completing the user’s address and payment information. However, there is a legitimate reason for this feature, as this mechanism is present in an external web browser or in the device’s own operating system.

To proceed with this autocomplete, applications such as Instagram and Facebook inject their JavaScript code into each website that they show to users of their platforms, including advertisements. This allows them to monitor each of your interactions with the page.

To reach this conclusion, Krause has created a tool through which he has been able to classify all the additional commands added to a website by the browser, as he has anticipated TheGuardian.

After implementing it in other applications and external browsers, in which no changes have been detected, the specialist has discovered up to 18 lines of code added by Facebook and Instagram on web page links that they display within their own browser.

These lines of code are capable of scanning the user’s device for a cross-platform tracking kit. If they do not detect one installed, they activate targetpixel, a tracking tool that allows you to monitor all user activity and build a precise profile based on your interests.

While Krause’s report has focused on iOS, he has also carried out a series of tests on the Android version of Instagram, where he has recorded a number of additional lines of code on links opened within the built-in browser.

On the other hand, the engineer has also analyzed WhatsApp, also owned by Meta. In this case, it has detected that the instant messaging platform is capable of opening third-party links in Safari by default, unlike Facebook and Instagram.

After the publication of this report, Meta has defended its way of proceeding on the platforms studied, as the author of the article pointed out in this blog post.

Specifically, the company has assured that this practice helps Facebook and Instagram to adjust to the preferences of its users and that the information collected is intended to aggregate online purchases before they are used as personalized advertising.

HOW TO AVOID THE TRACKING OF THESE INTEGRATED BROWSER

To avoid this tracking, this report advances different access alternatives to these links. In the first place, it is proposed to use the web version of Facebook and Instagram from the mobile device’s own browser, instead of installing the application of these services, available in the App Store, on the device.

The other option is to use the applications, but when you open one of these links, choosing the option of open it in an external browser. This is found on the three dots icon at the top right of the interface.

The last alternative requires a further step, since the URL of the web page in question must be copied and pasted into a browser other than the one integrated by the application itself.