Normally, third-party applications that integrate a web browser must use the WebKit component integrated into iOS. Browser specially designed to minimize tracking by third-party applications. Nevertheless researcher Felix Krause realized that Facebook and Instagram actually use an in-house component instead of WebKit.
Felix Krause explains, quoted by WWCFTech: “the Instagram application injects their tracking code on each site that is displayed, even when ads are clicked, which allows them to observe all user interactions, including all links and buttons on which they click, what text they select, but also take screenshots, or suck everything entered into forms, such as passwords, addresses and credit card numbers”.
Fortunately, as Felix Krause notes, several safeguards limit the intrusion into user privacy, even if this practice is questionable in itself. The Instagram and Facebook browser is only able to spy on what the user does when he clicks on a link or an advertisement from the firm’s applications.
Moreover, even though Felix Krause claims that Facebook and Instagram can suck your passwords and payment card numbers, there is no evidence that Meta is interested in this data. In fact, the biggest problem, in the end, is that Meta still plays on the sly of the explicit consent provided for by the GDPR as well as the systems put in place by companies like Apple to protect the privacy of users.