Meta was sued on Wednesday for allegedly developing a secret workaround that allowed the company to circumvent privacy safeguards introduced by Apple early last year to protect iPhone users from monitoring their activity on the Internet. In a proposed class action lawsuit filed Wednesday in federal court in San Francisco, two Facebook users accuse the company of circumventing Apple’s privacy rules and violating state and federal laws limiting unauthorized data collection. personal.
At the WWDC 2020 conference, Apple announced that with the release of iOS 14, IDFA (IDentifier For Advertisers) will now be an opt-in feature, which means that users must give their explicit consent to both the advertiser and to the destination applications to allow them to track them on the Internet. LIDFA is the standard adopted by Apple allowing mobile advertising networks to track users and serve them targeted advertisements. The same goes for advertising applications, their advertising partners, and their attribution partners.
Privacy settings in iOS 14 will reduce ad targeting for businesses. Meta (then Facebook Inc.) understood this and said at the time that this update that the Apple brand was preparing to launch would seriously harm part of its activities, in particular online advertising which relies on user tracking. According to estimates from the social media company, the new privacy rules introduced by the Cupertino company could cost up to Meta$10 billion this year alone.
If Meta’s protests did not prevent the launch of iOS 14, the company seems to have found a way around the limitations put in place by Apple. In any case, so says a complaint filed Wednesday in San Francisco by two Facebook users. According to sources familiar with the matter, a similar complaint was filed in the same court last week. They accused the tech giant “of circumventing the privacy rules put in place by Apple in 2021 and of violating state and federal laws limiting the unauthorized collection of personal data.”
After the discovery was published, Meta reportedly reacted by saying that injecting this code helped group events, like online purchases, before they were used for targeted advertising and metrics for Facebook. Meta would have added: For purchases made through the in-app browser, we ask for user consent to save payment information for autofill purposes. But Krause said there’s no legitimate reason for Meta to embed a browser into its applications and force users to use it to visit external links.
This allows Meta to intercept, monitor and record its users’ interactions and communications with third parties, providing Meta data which it aggregates, analyzes and uses to increase its advertising revenue, the complaint reads. . The lawsuit argues that collecting user information through the Facebook and Instagram apps allows Meta to circumvent Apple’s privacy regulations, which require all third-party apps to obtain consent from users. users before tracking their online and offline activity.
In response to the plaintiffs’ allegations, Meta admitted that the Facebook application tracks (integrated) browser activity, but denied claims that user data was collected illegally. Additionally, Krause’s report noted that the practice of injecting code into pages of other websites would raise risks on several levels:
- Privacy and Analytics: The host application can track literally everything that happens on the website like every tap, keystroke, scrolling behavior, what content is copied and pasted, as well as viewed data like online purchases;
- theft of user credentials, physical addresses, API keys, etc.;
- ads and referrals: the host application can inject ads on the website, or replace the ads API key to steal revenue from the host application, or replace all URLs to include a referral code;
- security: browsers have spent years optimizing the security of the user experience on the web, such as displaying the status of HTTPS encryption, warning the user about unencrypted websites, etc.;
- browser extensions and user content blockers are not available;
- deep links don’t work well in most cases;
- often it’s not easy to share a link through other platforms (e.g. email, AirDrop, etc.).
If you want to evade Meta tracking through its apps’ browser, you can open the webpage in a browser outside of the app first. Usually a button allows you to do this. If this button is not available, you will have to copy and paste the URL to open the link in your browser of choice. Another fairly simple solution that allows you to escape the gaze of Meta is to use the Web version of these applications.
What is your opinion on the subject?
What do you think of the allegations made against Meta?
See as well
Developers are looking at invasive user tracking techniques in iOS 14 to circumvent Apple’s upcoming privacy update
Meta, the parent company of Facebook and Instagram, is allegedly injecting JS code into websites to track users, according to a recent discovery by researcher Felix Krause
Facebook predicts $10 billion revenue shortfall due to privacy features on iOS that have made it harder to track users since the launch of iOS 14.5
96% of iPhone users have opted out of app tracking since the launch of iOS 14.5, showing that the vast majority of people want to maintain their privacy