If you use Instagram then this news can bother you. According to a report, the Instagram app can track every conversation of its users with the help of its in-app browser – including all form inputs like password, address, every single tap, text selection and screenshots. The Instagram app reportedly injects JavaScript code into every website shown, including clicking on ads, allowing the company to monitor all user interactions. According to Meta, the script the Instagram app injects helps the company “aggregate events” and respect users’ App Tracking Transparency (ATT) opt-out likes.

Injects JavaScript code into every site
According to a blog post by Felix Cross, the Instagram app injects its own JavaScript code into each website shown, when clicking on ads in the app. Injecting custom scripts into third-party websites allows the platform to “all user interactions, such as every button and link tap, text selection, screenshot, as well as any form input, such as passwords, addresses, and credit card numbers” without the user’s consent. can monitor.

Also read- This robot will understand happiness and sorrow: will recognize people and their gestures and will also talk

This is how data tracking works
Simply put, when you tap on a website link, swipe the link, or tap a link to buy anything through ads on Instagram, it’s the default browser (Google Chrome, Safari or other) opens a window in the in-app browser. According to the blog, the Instagram app injects their JavaScript code into every website shown, allowing them to “monitor everything that happens on external websites – even without the consent of the user and website provider” – when You must be using Open website in Instagram app browser.

The App Tracking Transparency feature in iOS 14.5 allows users to decide which apps are allowed to track their data. Meta reportedly said that it has caused a loss of $10 billion (about Rs 80,000 crore) to the company annually. The blog notes that to stay protected from tracking, users can copy and open the link in their preferred browser. Apple’s web browser Safari blocks third-party cookies by default, Google Chrome will soon begin phasing out third-party cookies, and Firefox’s recently announced Total Cookie Protection blocks any cross-party cookies. The page will stop tracking.

Also read- This short power bank will charge laptop-phones instantly; Its Speed ​​Fails Well

Meta gave this clarification
Meanwhile, Meta responded to Cross by saying that the script it injects is “not a meta pixel” — a snippet of JavaScript code that allows visitor activity to be tracked on the website. Meta says this is the pcm.js script that “helps aggregate events, that is, online purchases, before those events are used for target advertising and measurement for the Facebook platform.” Meta also said that the injected script respects the user’s App Tracking Transparency (ATT) opt-out choice “which is only relevant if the submitted website has a Meta Pixel installed.” ATT is a framework on iOS that requires all iOS apps to ask users for permission to share their data.

Cross says he’s back on meta asking for more information on the same. However, he points out that all of this (injecting code and respecting the user’s ATT choice) “wouldn’t be necessary if Instagram opened the phone’s default browser instead of creating and using a custom in-app browser.”

Leave a Reply