Facebook has been sued for allegedly spying on people on an in-app web browser

Facebook has been sued for allegedly spying on people on an in-app web browser ...

Meta is being sued for allegedly gathering personally identifiable information (PII) without telling them.

The problem arises in how Facebook and Instagram''s operating systems handle internet links on an iOS device. Both apps have their own embedded internet browsers (opens in a new tab) and the WKWebView, which renders the pages when a user clicks on a link (imstead of opening them in, say, Safari, or Chrome).

On the users side, clicking a link would make it appear like a page had been opened, rather than as if it was opened in a separate app. However, the plaintiffs claim that the browser also provides JavaScript code that collects data, something other browsers would not be able to do.

Personally identifiable information

"After users click on a link within the Facebook app, Meta automatically redirects them to the browser that it is monitoring instead of the smartphone default browser, without warning them about this happening or they are being tracked," says the lawsuit.

"The user information Meta intercepts, monitors, and records includes personally identifiable information, private health information, text entries, and other sensitive confidential facts."

Previous data from cybersecurity researcher Felix Krause increased the risk in August 2022.

Meta responded by saying the code injection was performed to protect users'' privacy (opens in a new tab).

"We intentionally developed this code to honor people''s App Tracking Transparency (ATT) choices on our platforms," a Meta spokesperson told The Register. "The code allows us to aggregate data before it is used for targeted advertising or measurement purposes."

Apple''s data collecting practices are not disputed by the plaintiffs, but rather because it kept the ground.

"Meta is failing to disclose the consequences of visiting, navigating, and communicating with third-party websites from within Facebook''s in-app browser, namely, that doing so overrides their default browsers privacy settings, which users rely on to prevent and block tracking," the complaint states.

"Egally, Meta conceals the fact that it injects JavaScript that alters external third-party websites so that it may intercept, track, and record data that it otherwise could not access."

The company denied the allegations, with a spokesperson saying: These statements are without merit, and we will defend ourselves vigorously."

"We have carefully designed our in-app browser to accommodate users'' privacy preferences, including how data may be used for advertising."