Everything that is currently related to security or privacy on our computers is becoming increasingly important. And it seems that certain companies do not help to reassure users, as we can now see on platforms as popular as Facebook, Instagram or WhatsApp.
We tell you all this because recently a security researcher has made a discovery that almost no one will surely not like. And it seems that the owner of Facebook and Instagram is using a hidden code to follow those who click on the links from their applications. This is something that a former Google engineer has discovered, seeing a code injection while designing his own tool to list the extra commands added to a website by the browser.
Specifically, here we are talking about Meta, the owner of Facebook, WhatsApp and Instagram. From what we can see now, the company has been rewriting the websites its users visit by allowing the company to track them after they click on links in its apps. These platforms take advantage of users clicking links to web pages in an in-app browser controlled by Facebook or Instagram. All this instead of going to use the usual internet browser such as Chrome or Firefox.
To give us an idea, the Instagram app injects its tracking code into each web page that is displayed. This happens even when the ads are clicked. All this allows Meta to monitor all user interactions such as each button and link clicked. Text selections, screenshots, or any form input that includes passwords , addresses , or credit card numbers are also spied on.
Instagram and Facebook follow your footsteps on the Internet
This has been discovered by Felix Krause, a security researcher who created an application development tool acquired by Google in 2017. Meta has also spoken about all this. In a statement, it ensures that the injection of a tracking code obeys the preferences of the users. These allow or not allow apps to follow them and ensure that it is only used to aggregate data for targeted advertising purposes. It must be said that at the moment this type of movement has not been detected in the specific WhatsApp application, but we cannot forget that it also belongs to Meta.
In addition, they add that, for purchases made through the browser integrated into their apps , they seek the user’s consent to save payment information. This code injection is detected in the Facebook and Instagram applications and has up to 18 lines of code added. These appear to look for a specific cross-platform tracking kit, and if it’s not installed, they call Meta Pixel, the company’s tracking tool. This allows the company to follow the user around the web and build an accurate profile of their interests.
However, despite these spying and tracking moves, Meta does not reveal to the user that it is rewriting the web pages they visit. At this point it’s unclear when Facebook and Instagram started injecting code to track users after clicking on links, but it certainly makes us suspicious.
