Instagram and Facebook’s In-App Browser Bypasses Apple Tracking Protections: Report

One developer’s in-depth investigation into Meta’s iOS apps for Instagram and Facebook has revealed that the social media and advertising giant can track a user and collect all sorts of data when they open an external link through these apps.

“The iOS Instagram and Facebook app render all third party links and ads within their app using a custom in-app browser,” Felix Krause, founder of popular developer tool fastlane, said in a recent blog post.

“This causes various risks for the user, with the host app being able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap.”

Now, that’s not to say that Meta is actually collecting user passwords — just that it can. The way the Facebook and Instagram apps are collecting iOS users’ data actively circumvents Apple’s safeguards against the very practice.

With iOS 14.5 last year, Apple started rolling out the App Tracking Transparency framework to prevent undisclosed tracking of users and put control of their data back into users’ hands.

Earlier this year, Meta disclosed that Apple’s new privacy features could cost the company $10 billion USD in annual advertising revenue. That being the case, Meta’s motivation behind tracking users and collecting data through its own custom browser is pretty obvious.

Until a more concrete solution to this potential privacy violation becomes available, users who do not wish to be tracked by Meta when they open external links can simply use the “Open in Browser” option in Facebook and Instagram’s in-app browsers to open the link in Safari instead.

If “Open in Browser” or a similar option isn’t available, you’ll have to go old school and simply copy the website address and paste it into Safari.

What do you think about Meta’s user tracking practices? Should companies like Meta be required to ask users for consent before collecting their data? Let us know in the comments below.

Meta reached out to iPhone in Canada via email following publication, refuting Krause’s claims. A Meta spokesperson said:

These claims are false and misrepresent how Meta’s in-app browser and Pixel work. We intentionally developed this code to honor people’s App Tracking Transparency choices on our platforms.

Update (August 12): Added official Meta statement provided to iPhone in Canada by a spokesperson.

P.S. - Like our news? Support the site with a coffee/beer. Or shop with our Amazon link. We use affiliate links when possible--thank you for supporting independent media.