The Instagram app on iOS is capable of monitoring user activity on other websites, when accessed from the social network’s browser. With this, pages accessed, interactions, clicks and even data typed could be collected by the company, which claims that the practice is normal and does not violate terms of operating systems.
The complaint came from developer Felix Krause, founder of Fastlane, an open source tool aimed at facilitating the production of apps. According to him, the secret of tracking lies in the insertion of a Javascript code whenever the Instagram user clicks on a link on the social network itself, which applies both to ads and to purchases or interactions with other users’ profiles.
It would be, in the expert’s view, a breach of their privacy, since explicit consent is not given or even an alert that this tracking is taking place. Also, the idea that Instagram collects typed data is worrying, as the script could end up collecting personal data and sensitive information, in addition to passwords or credit card details, for example.
Krause also relates the use of this code to a feature introduced by Apple from iOS 14.5 onwards, ATT (App Tracking Transparency). The function allows users to allow or block this type of tracking and sharing of data from one application over others, which also includes browsers; the move resulted in a loss of $10 million for Meta and prompted changes to its ad technologies.
The link between the two is even in the company’s official response. In return to the developer, the responsible for Instagram said that the data tracked from the browser of the social network is used to aggregate events – precisely the terminology used by her earlier this year, when she presented her solution for monitoring and collecting metrics for advertising. from Facebook and its other services.
Still in the response, the company said that the insertion of Javascript code only collects data on sites that have the so-called Meta Pixel — another feature that serves to monitor users for advertising purposes. Its use, she said, is in accordance with the terms of use of iOS and also the ATT, posing no risk to users’ privacy.
Still, the company recommended that users who are concerned can copy the links provided on the social network and open them in the mobile browser of their choice, where the interaction will not be tracked. Meta, however, did not speak directly about the possibility of sensitive data being obtained through the resource.