The Electronic Frontier Foundation reported that Meta lost $10 billion in revenue due to people opting out of third-party tracking after Apple's privacy rules were changed.
Meta's business model depends on selling user data to advertisers, and it seems that the owner of Facebook andInstagram sought new paths to recover from the sudden loss of revenue. Last month, a privacy researcher and former Google engineer, Felix Krause, alleged that one way Meta sought to recover its losses was by directing any link a user clicks in the app to open in a browser.
In the past week, two class action lawsuits have been filed, accusing Meta of concealing privacy risks, circumventing privacy choices, and intercepting. Meta's in-app browser allows it to access "personally identifiable information, private health details, text entries, and other sensitive confidential facts" without the knowledge of users.
Two people from California and Louisiana filed a complaint yesterday. Adam Polk told Ars that it was an important case to stop Meta from hiding their continued privacy invasions. A Federal Trade Commission investigation resulted in a $5 billion fine for Meta.
AdvertisementPolk said that using an app doesn't give the app company license to look over your shoulder. This litigation seeks to hold Meta accountable for secretly monitoring people's browsing activity through its in-app tracking even when they haven't allowed Meta to do that.
Meta did not reply immediately. He doesn't want to comment.
Meta has been injecting code into third-party websites, a practice that allows Meta to track users and intercept data that would otherwise be unavailable to it.
The website inappbrowser.com was built to investigate the potential privacy issue. He compared an app like Telegram, which doesn't inject Javascript code into third-party websites to track user data in its in-app browser, with the Facebook app, which does.
In the case of tests on Facebook and Instagram apps, theHTML file clearly showed that Meta uses Javascript to alter websites and circumvent users' default privacy settings by directing users to Facebook's in-app browser instead of their pre-programmed default web browser
This tactic of injecting code seemingly employed by Meta to "eavesdrop" on users was previously known as a Javascript Injection Attack. There are instances where a threat actor injects malicious code directly into the client-side Javascript. The threat actor can take control of the website and collect sensitive data, such as personally identifiable information or payment information.
According to the complaint, Meta is using this coding tool to gain an advantage over its competitors and to preserve its ability to intercept and track their communication.
When Krause reported the issue to its bug bounty program, Meta acknowledged that it tracked Facebook users' in-app browsing activity. Meta confirmed that it uses data from in-app browsing for targeted advertising, according to the complaints.