Security News > 2022 > August > Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
Users of Apple's Instagram and Facebook iOS apps are being warned that both use an in-app browser that allows parent company Meta to track 'every single tap' users make with external websites accessed via the software.
iOS users' concerns over tracking were addressed by Apple's 2021 release of iOS 14.5 and a feature called App Tracking Transparency.
That means, when an iOS user of Facebook and Instagram click on a link within a Facebook and Instagram post, Meta launches its own in-app browser which can then track what you do on external sites you visit.
"The Instagram app injects their JavaScript code into every website shown, including when clicking on ads. Even though pcm.js doesn't do this, injecting custom scripts into third party websites allows them to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers," Krause wrote.
The code is used by both apps and enables both apps to build a communication bridge between in-app website content and the host app.
Meta explained to Krause that it respects Apple's App Tracking Transparency rule, which requires app developers to get permission before tracking.