Meta's in-app browser tracking

Counterargument to yesterday's post about PWAs vs. native apps: Instagram and Facebook are injecting tracking scripts to their in-app browsers! It looks like they're doing this by using a webview, rather than the embedded Safari view, to show the web within the Instagram/Facebook app.

This is eminently not a problem if you're using Instagram or Facebook in the browser, rather than using the mobile app. Similarly, if you use the "Open in Browser" option for links in Instagram/Facebook, they won't be able to track you there, either. The tracking code is only embedded in webviews launched by the Instagram/Facebook app.

Obviously blame lies at least a little bit with Apple for making this sort of thing possible—which sort of works at cross-purposes to their argument that Safari is the only viably secure browser on iPhones.

(Interestingly, this tracking behaviour isn't found on the in-app browser on WhatsApp—another Meta property.)

Web Security Apple Apps


Microsoft Fluent Emoji

Microsoft outdid themselves with their fluent emoji, and now that they've open sourced them, they've outdid themselves again.


Most PWAs have a certain janky feeling to them that distinguishes them from native apps. But, a PWA, doesn't have that jank.