Analysis Suggests Instagram Tracks User Web Activity Through In-App Browser

by

A new analysis of the Instagram app has suggested that every time a user clicks a link within the app, Instagram is capable of monitoring all of their interactions, text selections, and even text input, such as passwords and private credit card details within websites inside the app.

Instagram Feature 2
The analysis conducted by Felix Krause found that both Instagram and Facebook on iOS use their own in-app browser, rather than the one offered by Apple for third-party apps. Most apps use Apple's Safari for loading websites, but Instagram and Facebook have been using their own in-app browser to load websites within the app.

With their custom-built browser, still based on WebKit, Instagram and Facebook inject a tracking JavaScript code named "Meta Pixel" into all links and websites shown. With that code, Meta has total freedom to track users' interactions without their explicit consent, Krause finds.

This allows Instagram to monitor everything happening on external websites without the consent from the user, nor the website provider.

The Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses, and credit card numbers.

As Krause points out, it takes reasonable effort for companies like Meta to develop and maintain their own in-app browser rather than to use Apple's built-in Safari. On its developer portal, Meta claims "Meta Pixel" is designed to "track visitor activity on your website" by monitoring all events a user does within their custom-built browser. There is no evidence that Meta, which owns Instagram, has actively gathered the user data it's capable of collecting. As Krause writes:

Does Facebook actually steal my passwords, address and credit card numbers? No! I didn't prove the exact data Instagram is tracking, but wanted to showcase the kind of data they could get without you knowing. As shown in the past, if it's possible for a company to get access to data for free, without asking the user for permission, they will track it.

However, this practice is in violation of Apple's App Tracking Transparency (ATT) policy. ATT requires that all apps ask for user consent before tracking them across apps and websites owned by other companies.

Meta has repeatedly pushed back against Apple's goal of giving users a choice on whether or not they wish to be tracked. In December 2020, Meta took out a full-page newspaper ad attacking Apple for the change. Krause says he shared his findings with Meta, which responded by saying they've confirmed the "issue" but have not responded since. Krause says he gave Meta a two-week notice before deciding to go public with his findings.

Tag: Instagram

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
Read Full Article132 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article129 comments
iphone 14 lineup

Cellebrite Unable to Unlock iPhones on iOS 17.4 or Later, Leak Reveals

Thursday July 18, 2024 4:18 am PDT by
Israel-based mobile forensics company Cellebrite is unable to unlock iPhones running iOS 17.4 or later, according to leaked documents verified by 404 Media. The documents provide a rare glimpse into the capabilities of the company's mobile forensics tools and highlight the ongoing security improvements in Apple's latest devices. The leaked "Cellebrite iOS Support Matrix" obtained by 404 Media...
Read Full Article66 comments
tinypod apple watch

TinyPod Turns Your Apple Watch Into an iPod

Wednesday July 17, 2024 3:18 pm PDT by
If you have an old Apple Watch and you're not sure what to do with it, a new product called TinyPod might be the answer. Priced at $79, the TinyPod is a silicone case with a built-in scroll wheel that houses the Apple Watch chassis. When an Apple Watch is placed inside the TinyPod, the click wheel on the case is able to be used to scroll through the Apple Watch interface. The feature works...
Read Full Article133 comments
bsod

Crowdstrike Says Global IT Outage Impacting Windows PCs, But Mac and Linux Hosts Not Affected

Friday July 19, 2024 3:12 am PDT by
A widespread system failure is currently affecting numerous Windows devices globally, causing critical boot failures across various industries, including banks, rail networks, airlines, retailers, broadcasters, healthcare, and many more sectors. The issue, manifesting as a Blue Screen of Death (BSOD), is preventing computers from starting up properly and forcing them into continuous recovery...
Read Full Article474 comments
New MacBook Pros Launching Tomorrow With These 4 New Features 2

M5 MacBook Models to Use New Compact Camera Module in 2025

Wednesday July 17, 2024 2:58 am PDT by
Apple in 2025 will take on a new compact camera module (CCM) supplier for future MacBook models powered by its next-generation M5 chip, according to Apple analyst Ming-Chi Kuo. Writing in his latest investor note on unny-opticals-2025-business-momentum-to-benefit-509819818c2a">Medium, Kuo said Apple will turn to Sunny Optical for the CCM in its M5 MacBooks. The Chinese optical lens company...
Read Full Article112 comments

Top Rated Comments

TheYayAreaLiving ?️ Avatar
TheYayAreaLiving ?️
26 months ago
Never trust Facebook with anything.
Score: 45 Votes (Like | Disagree)
ponzicoinbro Avatar
ponzicoinbro
26 months ago
No surprise.

And guess what?

FB tracks everyone who doesn’t even use their apps.

Look at your browser cookies and you will see.

Clear your browser cookies and see again after a couple of hours of random surfing.



Attachment Image
Score: 27 Votes (Like | Disagree)
BootsWalking Avatar
BootsWalking
26 months ago
There is no evidence that Meta, which owns Instagram, has actively gathered the user data it's capable of collecting.

I'd like to submit the following evidence:



Attachment Image
Score: 18 Votes (Like | Disagree)
SwiftArtery Avatar
SwiftArtery
26 months ago
Is anyone really surprised?



Attachment Image
Score: 17 Votes (Like | Disagree)
dinobear Avatar
dinobear
26 months ago
I assumed they do do this already. the way links

I'm sure Apple tracks everything you do as well.
I don't think they do though. Not in the way fb does. Apple makes their money on iPhones and 30% app store cut, not selling our info.
Score: 17 Votes (Like | Disagree)
Smoovejayy Avatar
Smoovejayy
26 months ago
I always figured that was the case when using any in-app browser, that's why I opt to open any of those links in the actual browser, not inside the app's browser.
Score: 12 Votes (Like | Disagree)
Read All Comments