Analysis Suggests Instagram Tracks User Web Activity Through In-App Browser

by

A new analysis of the Instagram app has suggested that every time a user clicks a link within the app, Instagram is capable of monitoring all of their interactions, text selections, and even text input, such as passwords and private credit card details within websites inside the app.

Instagram Feature 2
The analysis conducted by Felix Krause found that both Instagram and Facebook on iOS use their own in-app browser, rather than the one offered by Apple for third-party apps. Most apps use Apple's Safari for loading websites, but Instagram and Facebook have been using their own in-app browser to load websites within the app.

With their custom-built browser, still based on WebKit, Instagram and Facebook inject a tracking JavaScript code named "Meta Pixel" into all links and websites shown. With that code, Meta has total freedom to track users' interactions without their explicit consent, Krause finds.

This allows Instagram to monitor everything happening on external websites without the consent from the user, nor the website provider.

The Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses, and credit card numbers.

As Krause points out, it takes reasonable effort for companies like Meta to develop and maintain their own in-app browser rather than to use Apple's built-in Safari. On its developer portal, Meta claims "Meta Pixel" is designed to "track visitor activity on your website" by monitoring all events a user does within their custom-built browser. There is no evidence that Meta, which owns Instagram, has actively gathered the user data it's capable of collecting. As Krause writes:

Does Facebook actually steal my passwords, address and credit card numbers? No! I didn't prove the exact data Instagram is tracking, but wanted to showcase the kind of data they could get without you knowing. As shown in the past, if it's possible for a company to get access to data for free, without asking the user for permission, they will track it.

However, this practice is in violation of Apple's App Tracking Transparency (ATT) policy. ATT requires that all apps ask for user consent before tracking them across apps and websites owned by other companies.

Meta has repeatedly pushed back against Apple's goal of giving users a choice on whether or not they wish to be tracked. In December 2020, Meta took out a full-page newspaper ad attacking Apple for the change. Krause says he shared his findings with Meta, which responded by saying they've confirmed the "issue" but have not responded since. Krause says he gave Meta a two-week notice before deciding to go public with his findings.

Tag: Instagram

Popular Stories

iPhone SE 4 Thumb 1

iPhone SE 4 With Apple's Own 5G Modem 'Confirmed' to Launch in March

Tuesday November 19, 2024 12:12 pm PST by
Barclays analyst Tom O'Malley and his colleagues recently traveled to Asia to meet with various electronics manufacturers and suppliers. In a research note this week, outlining key takeaways from the trip, the analysts said they have "confirmed" that a fourth-generation iPhone SE with an Apple-designed 5G modem is slated to launch towards the end of the first quarter next year. In line with previo...
Read Full Article131 comments
at t turbo indicator iphone 16 pro max v0 8hrh7w5f3w1e1

AT&T Turbo Indicator Showing Up in iPhone Status Bar for Subscribers

Wednesday November 20, 2024 3:42 am PST by
AT&T has begun displaying "Turbo" in the iPhone carrier label for customers subscribed to its premium network prioritization service, according to reports on Reddit. The new indicator seems to have started appearing after users updated to iOS 18.1.1, but that could be just coincidence. Image credit: Reddit user No_Highlight7476 The Turbo feature provides enhanced network performance through ...
Read Full Article105 comments
Generic iOS 18 Feature Real Mock

Apple Releases iOS 18.1.1 and iPadOS 18.1.1 With Security Fixes

Tuesday November 19, 2024 10:10 am PST by
Apple today released iOS 18.1.1 and iPadOS 18.1.1, minor updates to the iOS 18 and iPadOS 18 operating systems that debuted earlier in September. iOS 18.1.1 and iPadOS 18.1.1 come three weeks after the launch of iOS 18.1. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. Apple has also released iOS 17.7.2 for...
Read Full Article29 comments
anker new xmas 1

Anker Kicks Off Massive Black Friday Sale With Up to 50% Off Sitewide, Free Gifts With Purchase, Mystery Boxes, and More

Thursday November 21, 2024 7:53 am PST by
Anker today kicked off its big Black Friday sale, which is set to run through December 9. This sale includes notable discounts on portable chargers, USB-C hubs, cables, and more. Note: MacRumors is an affiliate partner with Anker. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. There are a few bonus offers during this event as ...
Read Full Article21 comments
Apple 2024 Black Friday Shopping Event feature

Apple Announces 2024 Black Friday Event, Offering Up to $200 Gift Card

Thursday November 21, 2024 5:10 am PST by
Apple's annual four-day Black Friday through Cyber Monday shopping event is returning on Friday, November 29 through Monday, December 2 in many countries, including the U.S., Canada, Australia, France, Germany, Italy, Spain, the U.K., and others. During the event, customers can get an Apple gift card with the purchase of an eligible product. In the U.S., for instance, Apple is including gift ...
Read Full Article62 comments
apple card feature2

Apple Card 3% Daily Cash Back Now Available From Two More Apple Partners

Tuesday November 19, 2024 10:36 am PST by
Apple has partnered with select merchants to offer Apple Card users three percent Daily Cash back on their purchases, and two new companies were added to the partner list today. When purchasing goods and services from Booking.com and ChargePoint, Apple Card users will now get more cash back. Booking.com is a site for reserving flights, cars, cruises, and hotels, while ChargePoint sells...
Read Full Article12 comments
airtag purple

AirTag 2 Rumored to Launch Next Year With These New Features

Sunday November 17, 2024 5:18 am PST by
Apple released the AirTag in April 2021, so it is now three over and a half years old. While the AirTag has not received any hardware updates since then, a new version of the item tracking accessory is rumored to be in development. Below, we recap rumors about a second-generation AirTag. Timing Apple is aiming to release a new AirTag in mid-2025, according to Bloomberg's Mark Gurman....
Read Full Article100 comments
bug security vulnerability issue fix larry

Make Sure to Update: iOS 18.1.1 and macOS Sequoia 15.1.1 Fix Actively Exploited Vulnerabilities

Tuesday November 19, 2024 10:52 am PST by
The iOS 18.1.1, iPadOS 18.1.1, and macOS Sequoia 15.1.1 updates that Apple released today address JavaScriptCore and WebKit vulnerabilities that Apple says have been actively exploited on some devices. With the JavaScriptCore vulnerability, processing maliciously crafted web content could lead to arbitrary code execution. The WebKit vulnerability had the same issue with maliciously crafted...
Read Full Article71 comments

Top Rated Comments

TheYayAreaLiving ?️ Avatar
TheYayAreaLiving ?️
30 months ago
Never trust Facebook with anything.
Score: 45 Votes (Like | Disagree)
ponzicoinbro Avatar
ponzicoinbro
30 months ago
No surprise.

And guess what?

FB tracks everyone who doesn’t even use their apps.

Look at your browser cookies and you will see.

Clear your browser cookies and see again after a couple of hours of random surfing.



Attachment Image
Score: 27 Votes (Like | Disagree)
BootsWalking Avatar
BootsWalking
30 months ago
There is no evidence that Meta, which owns Instagram, has actively gathered the user data it's capable of collecting.

I'd like to submit the following evidence:



Attachment Image
Score: 18 Votes (Like | Disagree)
SwiftArtery Avatar
SwiftArtery
30 months ago
Is anyone really surprised?



Attachment Image
Score: 17 Votes (Like | Disagree)
dinobear Avatar
dinobear
30 months ago
I assumed they do do this already. the way links

I'm sure Apple tracks everything you do as well.
I don't think they do though. Not in the way fb does. Apple makes their money on iPhones and 30% app store cut, not selling our info.
Score: 17 Votes (Like | Disagree)
Smoovejayy Avatar
Smoovejayy
30 months ago
I always figured that was the case when using any in-app browser, that's why I opt to open any of those links in the actual browser, not inside the app's browser.
Score: 12 Votes (Like | Disagree)
Read All Comments