Meta is being sued for allegedly collecting Personally Identifiable Information (PII) on its Facebook and Instagram users without informing them of it.
According to the lawsuit, the problem is how the Facebook and Instagram platforms handle the internet connections on the iOS device. Both applications have their own built-in web browsers (opens in a new tab)WKWebView, which renders pages when a user clicks a link (as opposed to opening links in, say, Safari or Chrome).
On the user side, clicking the link would appear as if the application was opening the page rather than opening it in a separate application. However, plaintiffs argue that the browser also injects JavaScript code that collects data – something other browsers would not be able to do.
Personal data
“When users click a link in the Facebook application, Meta automatically directs them to the browser on the application it monitors, instead of the smartphone’s default browser, without letting users know that it is happening or being tracked,” the lawsuit says.
“The user information Meta captures, monitors, and records includes personally identifiable information, private health data, text entries, and other confidential, confidential facts.”
The case was reinforced by the earlier findings of cybersecurity researcher Felix Krause, who raised the issue in August 2022.
When Krause published his findings, Meta replied that the code injection was done to respect user privacy (opens in a new tab) elections.
“We purposely developed this code to honor users’ choices about Application Tracking Transparency (ATT) on our platforms,” said a Meta spokesman. Register. “The code allows us to aggregate data before it is used for targeted advertising or for measurement purposes.”
The plaintiffs, Gabriele Willis and Kerreisha Davis, do not dispute Apple’s data collection practices, only the fact that the company has remained silent about it.
“Meta does not disclose the consequences of browsing, navigating and communicating with third party sites from a browser in the Facebook app – namely, that doing so overrides the default browser privacy settings that users rely on to block and prevent tracking.” says in the complaint.
“Similarly, Meta hides the fact that it injects JavaScript, which alters external third party websites so it can capture, track, and log data that it would not otherwise have access to.”
The company rejected these claims, and a spokesman said, “These allegations are unfounded and we will defend ourselves vigorously.”
“We have carefully designed our in-app browser to respect user privacy choices, including how data may be used in advertising.”
- These are the best VPNs (opens in a new tab) around
By: Register (opens in a new tab)