this post was submitted on 16 Jun 2025
45 points (97.9% liked)

A sophisticated tracking method employed by Meta (Facebook) and Yandex that potentially affected billions of Android users through covert web-to-app communications via localhost sockets.

The technique allowed native Android apps, including Facebook and Instagram, to silently receive browser metadata, cookies, and commands from Meta Pixel scripts embedded on thousands of websites, effectively linking mobile browsing sessions to user identities and bypassing standard privacy protections.

vrighter@discuss.tchncs.de 6 points 7 months ago (2 children)

Localhost is "this device".

Connecting to localhost means connecting to something running on the same machine.

Browsers generally block connections to other domains (e.g., if you're on google.com, the browser won't simply let the site contact amazon.com willy-nilly).

But localhost is your own machine, so it is usually "trusted". Facebook exploited this fact to exfiltrate data from the browser to the other apps running on your own phone, which would, in turn, be free to do with it as they please, because they're not the browser.
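
Added example, not part of the comment above or of the original post: a check a defender could run over a browser network log to spot the pattern the comment describes, a public web page sending requests to a listener on the same device. The log shape (`page`, `request`), the function names and every sample entry are assumptions constructed for illustration.

```javascript
// Added example. All log entries are constructed sample data.

// True when the URL's host is the loopback interface ("this device").
function isLoopback(rawUrl) {
  let host;
  try {
    // The WHATWG URL parser lowercases the host and normalises numeric IPv4
    // spellings, so "2130706433" and "0x7f.0.0.1" both come back as 127.0.0.1.
    host = new URL(rawUrl).hostname.replace(/\.$/, "");
  } catch {
    return false; // not an absolute URL
  }
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (host === "[::1]") return true;
  return /^127\.\d+\.\d+\.\d+$/.test(host); // all of 127.0.0.0/8
}

// Keep only requests that a non-local page sends to a loopback listener,
// and report which local port was targeted.
function findLocalhostBridges(entries) {
  return entries
    .filter((e) => !isLoopback(e.page) && isLoopback(e.request))
    .map((e) => ({ page: e.page, request: e.request, port: new URL(e.request).port }));
}

// Constructed sample log: { page: URL of the document, request: URL it contacted }.
const sampleLog = [
  { page: "https://shop.example/cart", request: "https://cdn.example/pixel.js" },
  { page: "https://shop.example/cart", request: "http://127.0.0.1:8081/?id=abc" },
  { page: "https://news.example/", request: "ws://localhost:9000/sync" },
  { page: "https://news.example/", request: "http://2130706433:8080/" },
  // A developer's own local page talking to its own backend is not a bridge.
  { page: "http://localhost:3000/dev", request: "http://localhost:3000/api" },
];

for (const hit of findLocalhostBridges(sampleLog)) {
  console.log(`${hit.page} -> loopback port ${hit.port || "(default)"}: ${hit.request}`);
}
```

This only covers HTTP and WebSocket URLs that appear in a request log; the host check relies on the URL parser's normalisation rather than string matching on the raw URL.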

Squizzy@lemmy.world 2 points 7 months ago