When users open a link on the Facebook and Instagram apps, they’re taken to the respective page not via a browser of their choice, one installed on their phones, but via Facebook or Instagram’s in-app browser. While this may seem convenient, recent reports suggest parent company Meta may have other motives behind implementing an in-app browser for links.
As per a report by researcher Felix Krause, via Engadget, it is found that the default in-app browser on Facebook and Instagram injects ‘tracking code’ into every website it visits for you, allowing a number of elements to be monitored, likely without the user’s explicit knowledge. These include which ads you click on, which buttons you hit, text selections and more.
“The Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them to monitor all user interactions, like every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers,” Krause said in a blog post.
In a later tweet, Krause admits that Facebook reached out to the researcher saying the system they’ve built honours the user’s ATT choice
Krause further added that communication app WhatsApp, also owned by Meta, doesn’t modify third party websites in a similar way, and suggested that Facebook and Instagram should also follow similar methods.