Facebook users are suing Meta for tracking them through a loophole on iOS

In context: Last year, Apple released a security update that restricted third-party apps from attempting to track user data and behavior. While most apps adhered to the restrictions, Meta reportedly circumvented the boundaries with Facebook, allegedly tracking users well beyond what Apple allows.

Despite being past its prime, Facebook remains one of the most downloaded programs on the App Store. Apptopia stats show that users downloaded the Facebook app over 416 million times across all devices in 2021. While it may not match TikTok's astounding 656 million downloads, Facebook's numbers are still outstanding for a website that began in 2004.

Because of the large number of downloads, there is a greater emphasis on security for millions of people. If any company knows a thing or two about user privacy, it's Apple. Apple has always prioritized protecting users and their data, especially proven by a landscape-altering privacy update that the company released in 2021.

One notable change in this privacy movement was allowing users to opt out of having their activities tracked across apps. This policy was a massive blow to companies like Meta, which used customer data for targeted advertising. Meta stands to lose an estimated $12.8 billion in 2022 from these changes alone, according to Lotame.

So Meta decided to look for a loophole, hoping to find a way to retrieve user info once again. The solution it came up with was to open an integrated browser directly in the app instead of using Safari whenever users clicked links. The company believed this would bypass Apple's tight privacy restrictions and allow it to track as it pleased.

A pair of Facebook users have recently filed a class-action lawsuit against Meta for using this loophole. The lawsuit contends that Meta's integrated browser injects JavaScript code into any site they visit within the browser. The plaintiffs believe this circumvention violates Apple's privacy rules. Worse yet, the suit claims the workaround might violate state and federal laws, including the Wiretap Act.

This code injection allows Meta to track "every single interaction within external sites," including tap locations and any text the user types, including passwords. Since users don't explicitly consent to the integrated browser's data tracking, this becomes a significant privacy concern.

A Meta spokesperson said the allegations were "without merit" and stated, "We have carefully designed our in-app browser to respect users' privacy choices, including how data may be used for ads."

We covered a similar issue last month involving TikTok doing the same thing. Like TikTok, Meta has come up with an excuse that doesn't absolve them of wrongdoing.

Felix Krause, an online security researcher, has released reports about other apps doing this in the past, including Facebook. He insists that Meta should send people to Safari or another external browser to close the loophole to avoid possible repercussions.