Netvora logo
Submit Startup Subscribe
Home About Contact Submit Startup Subscribe

Meta and Yandex Accused of Tracking Users Without Consent

Comment

Meta and Yandex Accused of Tracking Users Without Consent

Netvora June 3, 2025 at 04:01 PM Security
Meta and Yandex Accused of Tracking Users Without Consent

Meta and Yandex Accused of Tracking Users Without Consent

By Netvora Tech News

A new study has revealed that Meta, the parent company of Facebook and Instagram, and search giant Yandex, have been tracking users' browsing behavior without their consent. Researchers from the Radboud University and KU Leuven discovered that both companies have been using a method to combine the functionality of their Android apps with tracking pixels on millions of websites to gather user data.

The Tracking Method

The method, which has been in use since 2017 for Yandex and September 2024 for Meta, allows the companies to bypass the privacy protection of Android's permission control and even the Incognito Mode of browsers. The researchers found that the tracking method is capable of reaching all major Android browsers.

How it Works

When an Android app is granted the Internet permission, it can start a local web server in the background. This allows JavaScript on web pages to communicate with native Android apps and share identifiers and browsing behavior. The researchers noted that this method can be used to link short-term web identifiers to long-term mobile app identifiers using standard web APIs.

The Meta Pixel

The Meta pixel, which is active on millions of websites, uses this local web server to share browser identifiers with the Facebook and Instagram app on the phone. The data is then linked to the user's logged-in account and sent to Meta's servers.

A Fundamental Problem

The researchers identified a fundamental problem that allows this attack to occur: the lack of control over localhost communication on most modern platforms. "Until our disclosure, Android users were completely defenseless against Yandex and Meta pixels," said Narseo Vallina-Rodríguez, a researcher at the Radboud University.

No Disclosure or Transparency

The researchers found no evidence that Meta or Yandex informed website administrators or end-users about this tracking method. "Not only has Meta not informed website administrators about this tracking method, but it has also ignored complaints and questions," said Gunes Acar, a researcher at the Radboud University.

Browser Developers Working on a Solution

Several browser developers are now working on a solution. Google Chrome is expected to release a fix soon. Until then, the only way to avoid this tracking is to not download apps like Facebook or Instagram, as well as the Yandex apps.

  • Meta has stopped sending data to localhost since the day of the public disclosure.
  • Yandex has been using this tracking method since 2017.
  • Meta has been using this method since September 2024.

Comments (0)

Leave a comment

Back to homepage

You might also like