According to a recent report, the photo-sharing platform Instagram, which is owned by Meta, has the capability of monitoring the activities, text selections, and even text input of its users, including confidential credit card information and passwords, if those users visit a link within the app.
According to the findings of the research that was carried out by Felix Krause, both Instagram and Facebook on iOS use their very own in-app browser rather than the one that is provided by Apple for use with third-party applications.
According to MacRumors, Instagram and Facebook have been using their own in-app browsers to load websites within the app. The majority of apps use Apple’s Safari to load websites, but Instagram and Facebook have been using their own browsers.
Krause discovered that with that code, Meta has complete freedom to track the interactions of users even without the explicit consent of those users.
According to the report, this enables Instagram to monitor everything that takes place on external websites without the consent of either the user or the provider of the external website.
The Instagram app injects its tracking code into every website that is displayed, including when users click on advertisements. This gives Instagram the ability to track and record every interaction that a user has with the app, including every button and link that is tapped, text that is selected, screenshots taken, and any form inputs that are made, such as passwords, addresses, and credit card numbers.
When compared to the effort required to use Apple’s built-in Safari, developing and maintaining a company’s very own in-app browser, as Krause pointed out, is a significant undertaking for most businesses.
Meta claims that its “Meta Pixel” is designed to “track visitor activity on your website” by monitoring all events that a user does within their own custom-built browser. This information can be found on the developer portal that Meta provides. There is no indication that Meta, the company that owns Instagram, has made any effort to actively collect the user data that it is capable of collecting.