- Meta and Yandex were stained using hidden tracking techniques
- The techniques violated Google Play policies
- The code was mysteriously removed after being pointed out by scientists
Meta and Yandex have been accused of avoiding the requirements for privacy by connecting users with their web browsing activity and cookies through native Android applications using Meta Pixel and Yandex Metrica Trackers.
The method involved the collection of data through the Localhost feature built into many built -in Android apps used for testing purposes.
Following the release of research from computer scientists at IMDEA Networks, Radboud University and KU Leuven, the script associated with the data extraction and user tracking was removed.
Hidden tracking in Android -Apps and Browsers
Specifically, the tracking was discovered on Meta’s Facebook and Instagram apps as well as Yandex’s maps and browser.
Apps use Localhost, which allows a device to send themselves a network request as part of their ability to associate browsing data with user identities.
In the researcher’s words, “these native Android -Apps browsers receive metadata, cookies and commands from Meta -Pixel and Yandex -Metrica scripts embedded on thousands of sites. These JavaScripts are loaded on users’ mobile browsers and silently connected with native apps running on the same device through Localhost Sockets.”
What Meta and Yandex have essentially done is create a crack in Android Sandbox environments through which they can extract site data and cookies, bypass built -in security and protection of privacy and then connect the data with the user’s device identifiers as their identity within a meta -app or user’s Android.
When they are explored about the hidden tracking method by Registeredsaid a meta -spokesman, “We are in discussions with Google to tackle a potential miscommunication regarding the use of their policy. When we became aware of the concerns, we decided to pause the feature while working with Google to solve the problem.”
According to the researchers, Yandex has used this method of hidden tracking since 2017, while Meta started in September 2024.
Firefox and Chrombased Web browsers were the primary target of webdata extraction, with Meta and Yandex able to extract cookies that would otherwise be inaccessible due to cookie clearing, incognito-browsing and Android’s app charging system.
Told a Google Representative Ars Technica“The developers in this report use capabilities present in many browsers across iOS and Android in unintended ways that openly violate our security and privacy principles,” the representative said, referring to the developers who built the code behind Meta Pixel and Yandex Metrica. “We have already implemented changes to mitigate these invasive techniques and have opened our own investigation and are directly in contact with the parties.”
