Charles Harries


Meta's in-app browser tracking

Instagram and Facebook will track your behaviour online if you use the browsers embedded within their apps.

Counterargument to yesterday's post about PWAs vs. native apps: Instagram and Facebook are injecting tracking scripts into their in-app browsers! It looks like they're doing this by using a webview, rather than the embedded Safari view, to show web pages within the Instagram/Facebook app.

This isn't a problem if you're using Instagram or Facebook in the browser rather than in the mobile app. Similarly, if you use the "Open in Browser" option for links in Instagram/Facebook, they won't be able to track you there, either. The tracking code is only embedded in webviews launched by the Instagram/Facebook app.
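For site owners who want to see whether a page is being rendered in one of these webviews and whether scripts they did not ship have appeared in it, here is a small audit, added as an example and not taken from the original post. The user-agent tokens, origins and nonce are assumptions or constructed sample values.

```javascript
// Added example. UA tokens are assumptions (commonly seen, not from the post); hints only.
const IN_APP_UA_HINTS = [
  { app: 'Instagram', pattern: /\bInstagram\b/ },
  { app: 'Facebook', pattern: /\bFBA[NV]\// },
];

// Returns the app name if the user agent looks like an in-app webview, else null.
function detectInAppBrowser(userAgent) {
  const hit = IN_APP_UA_HINTS.find((h) => h.pattern.test(userAgent));
  return hit ? hit.app : null;
}

// scripts: [{ src, nonce }] descriptors. Flags external scripts from origins the
// site did not allow, and inline scripts lacking the nonce the server issued.
// Limitation: code a webview evaluates directly leaves no <script> element to find.
function findUnexpectedScripts(scripts, pageOrigin, allowedOrigins, expectedNonce) {
  const allowed = new Set([pageOrigin, ...allowedOrigins]);
  return scripts.filter((s) => {
    if (!s.src) return s.nonce !== expectedNonce;
    try {
      return !allowed.has(new URL(s.src, pageOrigin).origin);
    } catch {
      return true; // unparsable src: report it
    }
  });
}

// Browser-side helper: turn the live DOM into descriptors for the audit above.
function snapshotDomScripts(doc) {
  return Array.from(doc.scripts, (el) => ({ src: el.getAttribute('src'), nonce: el.nonce || null }));
}

// Constructed sample data (hypothetical origins, nonce and user agent).
const SAMPLE_UA = 'Mozilla/5.0 (iPhone; CPU iPhone OS 15_6 like Mac OS X) Mobile/15E148 Instagram 0.0.0 (constructed)';
const SAMPLE_SCRIPTS = [
  { src: '/assets/app.js', nonce: 'n0nce-abc' },
  { src: 'https://cdn.example.org/lib.js', nonce: null },
  { src: 'https://tracker.example.net/t.js', nonce: null },
  { src: null, nonce: null },
];

function runSample() {
  return {
    app: detectInAppBrowser(SAMPLE_UA),
    unexpected: findUnexpectedScripts(SAMPLE_SCRIPTS, 'https://site.example.org', ['https://cdn.example.org'], 'n0nce-abc'),
  };
}
```

In a page, pass `snapshotDomScripts(document)` and `navigator.userAgent` to the two functions and report the result to your own logging endpoint.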

Obviously blame lies at least a little bit with Apple for making this sort of thing possible—which sort of works at cross-purposes to their argument that Safari is the only viably secure browser on iPhones.

(Interestingly, this tracking behaviour isn't found on the in-app browser on WhatsApp—another Meta property.)
