• About

  • Wednesday, 10 Aug 2022 7:30 pm

    Meta's in-app browser tracking

    Counterargument to yesterday's post about PWAs vs. native apps: Instagram and Facebook are injecting tracking scripts to their in-app browsers! It looks like they're doing this by using a webview, rather than the embedded Safari view, to show the web within the Instagram/Facebook app.

    This is eminently not a problem if you're using Instagram or Facebook in the browser, rather than using the mobile app. Similarly, if you use the "Open in Browser" option for links in Instagram/Facebook, they won't be able to track you there, either. The tracking code is only embedded in webviews launched by the Instagram/Facebook app.

    Obviously blame lies at least a little bit with Apple for making this sort of thing possible—which sort of works at cross-purposes to their argument that Safari is the only viably secure browser on iPhones.

    (Interestingly, this tracking behaviour isn't found on the in-app browser on WhatsApp—another Meta property.)

    Web Security Apple Apps

Elsewhere on the web

  • Github
  • Mastodon
  • Letterboxd
  • •
  • RSS