Don’t Use Built-in Browsers for Anything Important
Both Apple and Google do a great job of preventing multiple site tracking. Google Chrome is phasing out cookies , and Apple goes the furthest by asking users to block multiple app/site tracking with app transparency popups.
However, custom browsers in apps are not available. These default browsers are annoying as they won’t have any history, usernames, passwords or sharing options from your default browsers. But while they’re most commonly found on apps like Facebook and Instagram, they’re not limited to the two big meta apps.
Because app developers code the app browsers themselves, they have a lot more freedom as to what happens there. A recent study by Fastlane developer Felix Krause found that Facebook and Instagram can basically keep track of everything they need when you use their built-in browser, which they use to open all ads and links by default.
How does in-app browser tracking work?
JavaScript injection. The study uses Instagram as an example. Instagram embeds a Meta Pixel JavaScript tracking code on every website you open. This is a library designed for website developers to track visitors to their site. Meta injects it into every site without asking the website, but collecting data for itself.
When you open a link on Instagram, the app injects a JavaScript code (Meta Pixel) that helps the app view and record all sorts of content. They can record what you clicked, what image you opened, how long you spent on the page, and more. Instagram then uses this information to show you more ads and create an even clearer picture of your personality.
Technically, the app’s built-in browser can even record personal information like passwords and credit card information as you type it into a text box, but research doesn’t show Meta doing anything nefarious. However, it’s important to note that the occasional app with a built-in web browser does have this capability.
What can you do with in-app browser tracking?
First, whenever you open a link on Instagram, Facebook, or any other app using the built-in browser, get out of there. The app has already detected that you’ve opened the link, and there’s not much you can do about it, but you can stop tracking. Instagram has the option to open the website in the default browser, hidden behind the Menu button.
Another option is to stop using the app itself. Switch to the web app version and you won’t have to deal with this issue. And if we are talking about Instagram , you will really get a more pleasant and calm experience without drums.
That’s all you can do. For website developers, Felix offers a line of code that will make Instagram think their code is already installed on the site. He also has suggestions on what Apple can do to prevent similar abuses in the future. If you’re wondering how he figured it all out (an interesting read), take a look here: Felix Krause / 9to5Mac .