Users of Facebook’s iOS app are suing Meta for allegedly collecting their data despite opting out with a privacy feature Apple introduced in April 2021. Two Facebook iOS users filed a class action lawsuit in federal court in San Francisco on Wednesday. the second such class action lawsuit against Meta in a week.
Following allegations in the class action lawsuit legal actionMeta bypassed App Tracking Transparency (ATT) privacy features such as: B. Eliminating cross-host tracking on iOS by setting up alternative tracking methods on third-party websites via in-app browser applications.
When released with iOS 14.5, ATT had a 98% opt-out rate (from tracking) in the US, meaning only 2% of US users allowed apps to track them. As of May 2022, is the number of US users who have enabled app tracking (opt-in rate) on iPhones up to 18%. Likewise, the global opt-in rate for tracking on iOS increased from 11% in April 2021 to 25% in May 2022.
The litigants alleged that Meta violated the Wiretap Act and the Invasion of Privacy Act by continuing to track users and intercept data that was not otherwise available to it.
“Meta tracked and intercepted their specific electronic activities and private communications with external third-party websites without them [one of the litigants] Knowing or consenting,” the lawsuit reads.
“MS. Davis reasonably expected that her communications with third-party websites were confidential, solely between her and those websites, and that such communications — which include text inputs, passwords, personally identifiable information and other sensitive, confidential and private information — would not be intercepted or by Meta tracked.”
The lawsuit was based on insights from Felix Krause, a privacy researcher and former Google engineer. He discovered that Meta is still tracking Facebook and Instagram users by bypassing the privacy settings otherwise enforced by ATT on the remaining apps.
Krause’s August report entitled iOS privacy: Instagram and Facebook can track everything you do on any website in their in-app browserdescribes how users are redirected to the website via an in-app browser developed by Meta instead of Apple’s Safari or another third-party browser when clicking on a link in the Facebook or Instagram apps.
Flowchart of user tracking on Facebook and Instagram via in-app browser | Source: Felix Krause
See more: South Korea fines Google and Meta a combined $72 million for data breaches
In-app browsers are different from third-party ones. Meta can and develops in-app browsers to inject Javascript code into websites. “Creating your own in-app browser requires non-trivial coding and maintenance time, much more than just using the privacy-friendly and easy-to-use alternative that’s been built into the iPhone for seven years,” Krause noted.
Facebook in-app browser injecting JavaScript code into third-party website, on iOS (left) and Android (right) | Source: Felix Krause
Although not mentioned in the lawsuit, in-app browsers also affect the app’s usability. Opening a website in an in-app browser restricts users’ ability to go back and use the app unless the in-app browser is closed. A simple prompt asking users to “always open in browser” used to work, but has been eliminated.
The plaintiffs also alleged that while Meta did not consensually monitor and track users, it also failed to disclose those activities through the Facebook app’s off-Facebook activity section.
“Meta fails to disclose the implications of browsing, navigating, and communicating with third-party websites within Facebook’s in-app browser — namely, that it overrides their default browser’s privacy settings, which users rely on for tracking.” to block and prevent.” is the lawsuit.
“Similarly, Meta hides the fact that it injects JavaScript that modifies external third-party websites, allowing it to intercept, track, and record data it otherwise would not have access to.”
The most recent lawsuit was filed by Gabriele Willis of California and Kerreisha Davis of Louisiana, while Wayne Mitchell of California filed the previous lawsuit. Both class action lawsuits apply to anyone with an active Facebook account who has visited an external third-party website in Facebook’s in-app browser in the US
Meta, like Google, relies on online advertising for the lion’s share of its revenue. in the Q1 2021before ATT was introduced and in recent ones Q2 202287.2% of Meta’s total revenue came from advertising.
But unlike Google, the company doesn’t have a popular mobile operating system or search engine to fall back on for business. As a result, the social networking giant saw its total revenue decline in the second quarter of 2022, while its earnings fell for the third straight quarter. The company is currently trying to do that Reduced costs and initiated layoffs.
If Willis and Davis or Mitchell win, beneficiaries are entitled to $10,000 or $100 per day for each day of violation under the Wiretap Act and statutory damages of $5,000 per violation under the California Invasion of Privacy Act (CIPA).
Meta was fined £30.8 billion (~$22.11 million). in September 2022€17 million (~$18.6 million) in March 2022and 60 million euros (~$67.87 million) in January 2022 by South Korean, French and Irish regulators respectively for data breaches.
Let us know if you enjoyed reading this news LinkedIn, Twitteror Facebook. We’d love to hear from you!
MORE ABOUT META
