We select and review products independently. When you purchase through our links we may earn a commission. Learn more.

Meta Bypassed Apple’s Anti-Tracking Protections on iOS

Mark Zuckerberg standing in front of a slideshow that says "The Future Is Private"at the F8 2019 event.

When Apple introduced its App Tracking Transparency system in 2020, Facebook (now Meta) took a hard line against it, claiming it would hurt the world’s largest social media platforms and small businesses that rely on tracking data to make money.

Now, it seems that Meta properties have found a way around Apple’s anti-tracking regime. Engadget reports that researcher Felix Krause uncovered Meta’s secret javascript code that allows the Instagram and Facebook apps to track sensitive information via in-app browsers.

That means that if you open a website in the Facebook or Instagram apps on your iPhone, Meta can track your activity across the web and potentially even on other Meta apps. The tracking code could even collect sensitive information like passwords, payment information, and screenshots.

The key to this tracking is javascript code Meta apps inject into websites visited through their in-app browsers. iOS versions of Facebook and Instagram use custom browsers to visit websites rather than launching apps like Safari and Firefox. Were Meta apps to use third-party browsers, they could not inject tracking codes into user-visited websites.

Meta claims these tracking codes follow the tracking preferences of iOS users. A company spokesperson told The Guardian, “We intentionally developed this code to honour people’s choices on our platforms.”

Danny Chadwick Danny Chadwick
Danny has been a technology journalist since 2008. He served as senior writer, as well as multimedia and home improvement editor at Top Ten Reviews until 2019. Since then, he has been a freelance contributor to Lifewire and ghostwriter for Fit Small Business. His work has also appeared on Laptop Mag, Tom’s Guide, and business.com. Read Full Bio »