An analyst has now revealed that Meta is tracking its Facebook and Instagram users by injecting code into websites they visit through the apps. According to a new report from The Guardian, privacy research and former Google engineer Felix Krause has found additional lines of code on websites that were injected by Meta when you visit them by clicking on links while you’re in either the Facebook or Instagram apps, which opens the pages up through the in-app browser instead of external ones like Safari, Chrome or Firefox.
“The Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them [to] monitor all user interactions, like every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers,” Krause explained.
While Meta does not disclose this practice to users publicly, it responded in a statement that the tracking code complied with its users’ preferences when they selected whether or not to allow apps to follow them, and that the company only uses the data collected for targeted advertising and measurement purposes.
“We intentionally developed this code to honor people’s [Ask to track] choices on our platforms,” a spokesperson said. “The code allows us to aggregate user data before using it for targeted advertising or measurement purposes. We do not add any pixels. Code is injected so that we can aggregate conversion events from pixels.” It also added that “For purchases made through the in-app browser, we seek user consent to save payment information for the purposes of autofill.”
Elsewhere in the tech world, Apple could soon be implementing ads into its pre-installed apps as well.