Using a reliable browser is the best defense against JavaScript injection attacks.
To stop multi-site tracking, both Apple and Google are excellent. While Apple goes the farthest by requesting users to disable multi-app/multi-site monitoring using their app transparency popups, Google Chrome is gradually phasing away cookies.
They cannot, however, create their own in-app browsers. Since they lack the history, usernames, passwords, and sharing features of your default browsers, such browsers are bothersome by default. However, they are not only present in the two major Meta apps; Facebook and Instagram are just two examples.
Because in-app browsers are created by the app developers themselves, they have a lot more control over what happens inside. Facebook and Instagram can essentially track everything they want when you use their in-app browser, which they use to open all ads and links by default, according to a new study by Fastlane developer Felix Krause.
How does browser in-app tracking operate?
injection of JavaScript. Instagram is used as an example in the study. Every page you visit uses Instagram’s Meta Pixel JavaScript tracking code. It’s a library created for website designers to monitor site visitors. Without consulting the website, Meta injects it onto every page and collects the data for themselves.
Instagram injects JavaScript code (Meta Pixel) when you click on a link, which enables the app to view and record a variety of things. They can keep track of your taps, opened images, time spent on a website, and more. Following that, Instagram will utilize this data to show you more adverts and create a more accurate profile of you.
Although the study doesn’t support that Meta is engaging in such malicious activity, technically an in-app browser can even collect personal information like passwords and credit card information as you are typing it in the text box. However, it’s crucial to remember that every program with a built-in web browser does have the capability.
How can in-app browser tracking be prevented?
First off, whenever you click on a link in an app like Instagram, Facebook, or another one with an in-app browser, leave immediately. There isn’t much you can do about the fact that the app has already logged that you clicked the link; however, you can stop the tracking there. Instagram features a menu button-hidden option that allows users to access the website in their usual browser.
A different choice is to quit using the app altogether. You won’t have to worry about this issue if you switch to the web app version. Additionally, you’ll actually have a nicer, calmer, Reels-free experience on Instagram.
You essentially have no other options. Felix offers web developers a line of code that will make Instagram believe that their code is already there on the page. Additionally, he offers advice on what Apple may do to stop future instances of this kind of exploitation. Look here: Felix Krause/9to5Mac if you’re curious about how he figured all of this out (it’s a wonderful read).