- Meta and Yandex were seen using secret tracking techniques
- Techniques violate Google Play policies
- The code was mysteriously removed after being indicated by the researchers
Meta and Yandex have been accused of dodging privacy security requirements by combining users with their web browsing activity and cookies through native Android application using meta pixels and yandex metrica trackers.
This method involves collecting data through the localhost function manufactured in many native Android apps that are used for test purposes.
After release of Research The script associated with data extraction and user tracking was removed by computer scientists in IMdea Networks, Radboud University, and Ku Leuven.
Secret tracking in Android apps and browser
In particular, tracking was seen on Meta’s Facebook and Instagram apps, as well as Yandex ‘maps and browser.
Apps use localhosts, which allows a device to send themselves a network request as part of their ability to connect browsing data with the user’s identity.
In the words of the researcher, “These indigenous Android apps get browsers, cookies and commands from embedded meta pixels and yandex metric scripts on thousands of websites.
Meta and Yandex have essentially created a crack in the Android sandbox environment, through which they can remove data and cookies, bypassing inbuilt protection and privacy security, and then combining the data with the user’s device identifiers such as their identification within the meta app, or user’s Android advertising ID.
When the secret tracking method is investigated registerA Meta spokesperson said, “We are discussing with Google to address a possible misconception about the application of our policies. When aware of concerns, we decided to stop the convenience while working with Google to resolve the issue.”
According to the researchers, Yandex has been using this method of secret trekking since 2017, while Meta began in September 2024.
Firefox and chromium-based web browser were the primary goals of web data extraction, able to extract meta and yandex cookies that should be otherwise inaccessible due to the app allowed system of cookie clearing, secret browsing and Android.
A Google Representative told Tech technicaThe representative said, “In this report, developers are using the abilities in many browsers in iOS and Android, which violate our safety and privacy principles,” in the context of developers, who created a code behind the Meta Pixel and Yandex metrica. “We have already implemented changes to reduce these aggressive techniques and have opened our investigation and are directly exposed to parties.”
