
Do you believe that using the incognito mode on your browser will keep you secure online? Think twice if you’re using Android, as Yandex and Meta can see you just fine.
Millions of websites have trackers installed by Meta.
Meta is tracking you online using a recently discovered tracking technique that utilises its native apps, such as Facebook and Instagram. An international group of researchers from IMDEA Networks and Radboud University found that this method is effective even when you:
- Are not logged into Facebook or Instagram on your mobile browser.
- Use incognito or private browsing modes.
- Clear your cookies and other browsing data.
According to the technical assessment of the method, “these practices may be implemented in websites without explicit and appropriate cookie consent forms.” This implies that tracking will continue even if a website runs the tracker script before you have consented to the necessary cookies.
This monitoring technique relies on a script known as Meta Pixel, which is integrated into millions of webpages and connects to apps on your phone. The script sends browser cookies and your mobile browsing sessions to the loaded apps so they can be linked to your device identifiers.
They can then track you online by connecting the received data to your Facebook or Instagram app account. Although Android apps already follow you, this kind of tracking from the browser to the native app has never been observed before.
The tracking is intended to help advertisers gauge the success of their advertising initiatives. The Russian search engine company Yandex has been using a similar strategy with its apps and script (named Yandex Metrica) since 2017, whereas Meta has been doing this since at least September 2024. Since June 3, however, the Meta Pixel script has ceased to function, and nearly all of its underlying code has been eliminated.
An estimated 5.8 million sites have the Meta Pixel script installed, whereas 3 million sites have the Yandex Metrica script. By abusing a number of valid internet protocols and Android’s capability to allow websites to interact with installed apps, the scripts also seem to be specifically targeting Android users. Although the attack hasn’t been seen on iOS yet, the researchers point out that such data sharing between native apps and iOS browsers is “technically possible.”
How to Prevent Being Tracked
Because the problem affects Chrome and, consequently, Chromium-based browsers, the simplest way to avoid being tracked is to switch to a more security-focused browser like DuckDuckGo or Brave. You’re secure, though, because the Meta script has gone offline, unless you utilise Yandex services and have any Yandex apps installed on your phone.
Removing the apps from your phone is an additional option. But since Facebook and Instagram are two of the most widely used social media sites, your user experience is severely limited if you don’t have the native app.
Google is aware of the problem and ought to enhance Android’s handling of local port access and web browser-native app data interchange. That said, there’s no word from Google on whether it’ll change this behaviour in Android, so uninstalling Meta and Yandex apps from your phone remains the safest course of action.
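One way to check whether a page you visited talks to local ports as described above is to export the network log from the browser's developer tools as a HAR file and list every request addressed to the loopback interface. This is an added example, not code from the researchers, Meta or Yandex; the function names, sample hosts and port numbers are constructed for illustration, and it assumes the contact shows up as an HTTP or WebSocket request in the export.

```python
import ipaddress
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a trimmed HAR 1.2 export; hosts, ports and helper names are illustrative.
SAMPLE_HAR = json.dumps({"log": {
    "pages": [{"id": "page_1", "title": "https://shop.example/"}],
    "entries": [
        {"pageref": "page_1", "request": {"url": "https://shop.example/app.js"}},
        {"pageref": "page_1", "request": {"url": "https://cdn.example/pixel.js"}},
        {"pageref": "page_1", "request": {"url": "http://127.0.0.1:40001/?c=abc"}},
        {"pageref": "page_1", "request": {"url": "https://localhost:40002/sync"}},
        {"pageref": "page_1", "request": {"url": "ws://[::1]:40003/"}},
        {"pageref": "page_1", "request": {"url": "http://127.8.9.10/ping"}},
    ]}})

DEFAULT_PORTS = {"http": 80, "ws": 80, "https": 443, "wss": 443}


def is_loopback(host):
    """True for localhost names and any literal in 127.0.0.0/8 or ::1."""
    host = (host or "").rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name, not an IP literal


def loopback_requests(har_text):
    """Map each page in a HAR export to the loopback (host, port) pairs it contacted."""
    log = json.loads(har_text)["log"]
    titles = {p["id"]: p.get("title", p["id"]) for p in log.get("pages", [])}
    hits = defaultdict(set)
    for entry in log.get("entries", []):
        url = urlsplit(entry["request"]["url"])
        if is_loopback(url.hostname):
            port = url.port or DEFAULT_PORTS.get(url.scheme)
            page = titles.get(entry.get("pageref"), "unknown page")
            hits[page].add((url.hostname, port))
    return {page: sorted(pairs, key=str) for page, pairs in hits.items()}


if __name__ == "__main__":
    for page, pairs in loopback_requests(SAMPLE_HAR).items():
        print(page, "->", pairs)
```

An ordinary website has little reason to contact the loopback interface, so any page that appears in the result is worth a closer look.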