facebook-instagram.jpg" alt="Spy Facebook Instagram" >
If you are used to using social networks like Facebook and Instagram on mobile and you have tried to open a link, you will have verified that it does not redirect you to your browser, but to one integrated into the applications themselves.
The danger of using the integrated browser
As researcher Felix Krause discovered, in a blog post recounting his findings, “Instagram’s app injects its tracking code into every website displayed, including when ads are clicked, allowing them to monitor all user interactions, such as every button and link tapped, text selections, screenshots, as well as any form input, such as passwords, addresses and credit card numbers«.
Specifically, he has based his research on the iOS versions of Instagram and Facebook. If you remember, the iOS 14.5 update included the feature of App Tracking Transparency, which allowed you to disable app tracking when opened for the first time since installing that firmware version. Meta was not very in favor of this practice, quantifying the losses that they would have derived from it at around 10,000 million dollars.
Meta wanted to defend himself and give his version of the purpose of this follow-up in The Guardian: “The code allows us to aggregate user data before using it for advertising or measurement purposes. We do not add any pixels. The code is injected so we can add pixel conversion events. For purchases made through the in-app browser, we seek user consent to save payment information for autofill purposes.”.
whatsapp is released
According to Krause’s research, WhatsApp doesn’t work in a similar way, so does not modify third-party websites as it happens in the case of Instagram and Facebook.
In this way, Krause suggests that this is what Facebook and Instagram should apply, or simply open with browsers such as Safari (in the example of his research on iOS) or any other browser. “It is the best for the user and the right thing to do”. Until then, better not to open links directly from these social networks and try to copy the URL and paste it in another alternative browser with less private data leaks.