Instagram and Facebook can track anything you do on any website in their in-app browser
The iOS Instagram and Facebook app render all third party links and ads within their app using a custom in-app browser. This causes various risks for the user, with the host app being able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap.
What gets injected?
The external JavaScript file the Instagram app injects is the (https://connect.facebook.net/en_US/pcm.js) which is code to build a bridge to communicate with the host app.According to Meta’s info provided to me in response to this publication, it helps aggregate events
How to protect yourself as a user?
- Escape the in-app-webview
- Use the web version
Top comments (0)