Does Instagram track user data through its In-App browser?!


As per a blog post by Felix Krause, who owns Fastlane — an open source platform aimed at simplifying Android and iOS deployment — the Instagram app injects its JavaScript code into every website shown, including when clicking on ads, in the app. Injecting custom scripts into third-party websites allows the platform “to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers” without users’ consent.

Meanwhile, Meta responded to Krause saying that the script that gets injected “isn’t the Meta Pixel” — a snippet of JavaScript code that allows tracking visitor activity on a website. Meta says that it is the pcm.js script, which “helps aggregate events, i.e. online purchase before those events are used for targeted advertising and measurement for the Facebook platform.”

Meta also said that the injected script respects the user’s App Tracking Transparency (ATT) opt-out choice “which is only relevant if the rendered website has the Meta Pixel installed.” ATT is a framework on iOS that requires all iOS apps to ask users for permission to share their data.

Krause has responded to this by saying that all that injection of code is unnecessary if the app opens the link in the user’s default browser.

Share this Article
Leave a comment

Leave a Reply

Your email address will not be published.