back to article Meta accused of breaking the law by secretly tracking iPhone users

Meta was sued on Wednesday for alleged undisclosed tracking and data collection in its Facebook and Instagram apps on Apple iPhones. The lawsuit [PDF], filed in a US federal district court in San Francisco, claims that the two applications incorporate use their own browser known as a WKWebView that injects JavaScript code to …

  1. Anonymous Coward
    Anonymous Coward

    Lie down with dogs

    Get up with fleas

    1. The Man Who Fell To Earth Silver badge

      Re: Lie down with dogs

      Apple could stop it if they wanted. So one would think Apple must be benefiting.

  2. binary

    No surprise here...

    The benefits of Meta/Facebook: If you still use this mediocre platform, can't feel sorry for you.

  3. DS999 Silver badge

    The worst part is

    Facebook's in-app browser does not use the ad blocker you have installed, so not only can they track you get overloaded by ads. If I load a link I always use the "open in Safari" option but that's only available after the internal web browser has already started loading so they probably have enough time to track me.

    If regulators eventually make Apple permit true browser competition (i.e. instead of having them use WebKit internally as they do now) with a default browser configuration setting, I hope Apple requires apps to obey that default browser choice so users can avoid the built in browsers. That seems like a fair trade.

  4. Jan K.

    Meta illegal tracking and collecting data?

    I find that incredibly hard to believe.

    Should it - however unlikely - be found to be true, the company will probably get a tiny fee.

    The company, of course, as no persons would never ever be found responsible...

    1. FatGerman Silver badge

      >> The company, of course, as no persons would never ever be found responsible...

      Yeah, that's how corporations work. The company *is* a person, in the eyes of the law, and so the company can be "responsible" for "its actions". This gives unscrupulous people an invincible shield - you can't put a company in prison so it can basically do what it wants.

      1. Doctor Syntax Silver badge

        This depends on circumstances. Legislation (e.g.GDPR) can make provision for personal responsibility to fall on the relevant officials of the company. And ultimately the relevant company law may make management and/or directors personally responsible causing the company to breach that law. There is, of course, good reason to think that these sanctions are not applied often enough or that they result in scapegoating when they are.

  5. M.V. Lipvig Silver badge

    Only way to stop it -

    Fine a company doing such asshattery 10 percent of their gross global income. When they appeal, rule against them and order payment. Until they feel real pain, nothing will happen.

    1. Zolko Silver badge

      Re: Only way to stop it -

      too much trouble: simply shut them down. Or, if too troublesome, split them up: FaceBook, Instagram, WhatsApp.

      Same for Google with search and Android also. And same for Microsoft with Windows and Office. Same for Apple and the only browser. There are anti-monopoly and anti-bundle laws FFS, use them ! What does Humanity, or even the users, gain with such behemoths ? We would be much better of if we had 20 smaller companies rather than 5 US monopolies.

      1. An_Old_Dog Silver badge

        Re: Only way to stop it -

        Hmm ... look at what what happened after the breakup of AT&T: the Regional Bell Operating Companies, after a few years of buyouts, takeovers, and name changes, coalesced, like the liquid metal of the Terminators, into a smaller number of much-larger companies.

        I'll predict that if Meta was broken up, the smaller companies would simply form (legal) "cooperative agreements" with each other, and that their data-raiding/reselling activities would continue pretty-much unchecked.

    2. Wade Burchette

      Re: Only way to stop it -

      Or, better yet, make the CEO and others responsible for the decision to pay a fine equal to several months of their own pay. If they repeat, double the months of salary they have to forfeit. When a corporation pays a fine, they just right it off on their taxes. The people who are responsible for the decision are unaffected. But you start threatening the pay of the people who are crooked and corrupt ... then you will see things change.

      1. John Brown (no body) Silver badge

        Re: Only way to stop it -


        Some CEOs, especially at the big tech companies, don't get huge salaries, but do get massive bonuses and share options. Tax reasons usually.

        1. Anonymous Coward
          Anonymous Coward

          Re: Only way to stop it -

          And make it a felony (or act of god or war) so that insurance won't cover it, even if there's no jail time.

    3. Jellied Eel Silver badge

      Re: Only way to stop it -

      Until they feel real pain, nothing will happen.

      No need for pain, however tempting that might be.

      A simple link under exec's bios to more detailed personal information would suffice. So basically everything the data rapists collect from their 'customers' is public. Browsing, email, phone activity, search queries, medical records, realtime location data etc.

      Simple really. If they don't want that data public, don't collect it.

    4. iron Silver badge

      Re: Only way to stop it -

      The sentence? Guilty.

      The fine? Zuck's left nut.

      Sounds fair to me for all the trouble he has caused the rest of the world.

    5. Matthew "The Worst Writer on the Internet" Saroff

      Re: Only way to stop it -

      No. Frog march Zuckerberg and the head of their Apple development and sales teams out of their offices in handcuffs.

      That will stop them.

  6. Pascal Monett Silver badge

    "We have carefully designed our in-app browser"

    Of course you have. And you have carefully ensured that the user's choice of browser is completely ignored.

    There's a lot of care going on there. For your ad requirements.

    For respecting user privacy, much less.

    1. Christopher Reeve's Horse

      Re: "We have carefully designed our in-app browser"

      And they're not the only ones with this shady type of behaviour. Every link I open from Gmail in iOS opens a prompt to select a browser: Google, Chrome or Safari. I don't have Google or Chrome installed, Safari is the only browser in use, and furthermore, the option to 'ask every time' is set to off but gets ignored.

      That's not quite as bad as directly opening an IAB, however every attachment from within Gmail opens firstly in a Google equivalent software (in app), completely ignoring system app defaults.

      That's not to say they're doing the same injection/data skimming activities, but why would they need this functionality otherwise?

      1. John Brown (no body) Silver badge

        Re: "We have carefully designed our in-app browser"

        "but why would they need this functionality otherwise?"

        To annoy you enough that the only viable and convenient "solution" is to install their choice of s/w, not your choice.

        1. stiine Silver badge

          Re: "We have carefully designed our in-app browser"

          how do you think chrome got to be #1? obnoxious advertising on every google property

      2. DS999 Silver badge

        Re: "We have carefully designed our in-app browser"

        That sounds like the option in Facebook which offers not only "Open in Safari" but "Open in Chrome" even though I don't have Chrome installed.

        Its easy to figure out why the Gmail app would offer Chrome as an option despite you not having it installed, but why is Facebook offering that? Maybe they have some deal with Google, from one privacy rapist to another?

      3. Anonymous Coward
        Anonymous Coward

        Re: "We have carefully designed our in-app browser"

        "That's not to say they're doing the same injection/data skimming activities"

        They're GRUgle, of course that's exactly what they're doing. That's pretty much how Google Analprobe, Tag Mangler, etc, etc, and all sorts of murkiness in Android itself (for those who have the misfortune [1]), work.

        [1] Third-party Android distros have to do an awful lot of work to try to remove the facehugger's limbs from around your neck…

  7. Screwed

    I decided against facebook and their stable-mates many years ago. Never joined nor installed any of their software. Tried never to visit any page in their empire. Block traffic.

    Despite all that, I suspect they know too much about me. And are far too dominant. Quite how they have been able to make the acquisitions they have without triggering antitrust / monopoly concerns is astonishing.

    1. iron Silver badge

      They do. They have shadow profiles on you and me with all the information they have gleaned from our stupid family, friends and colleagues who use Facebook and any like buttons or pixels on websites we use (unless blocked).

      I know for a fact Facebook has my mobile phone number because my stupid family use Whatsapp and the first thing it does is upload their contacts to the Borg mothership. They have been told to avoid such sites and apps but they pay no attention to the guy who actually knows how this stuff works.

  8. anonanonanonanonanon

    Never use in App browsers

    Just don't open links in in app browsers on any app, loads of them do it, if it doesn't let you open links in external browsers, or copy/paste the link, don't use it. We use them only to open links to specific docs on our pages, and you can't navigate away from them. Things like your privacy settings across our services.

    Apple also have a dedicated view for authentication flows that should be used instead of WKWebView to log into services.

  9. Howard Sway Silver badge

    injects JavaScript code to gather data that would otherwise be unavailable

    Any type of code injection into web traffic should be illegal full stop. Code injection for the purposes of data slurping should be a criminal offence with jail time for executives. This whole in-app browser thing needs looking at as well - it potentially enables massive amounts of abuse, and offers users no control whatsoever over how they use the web.

  10. Randy Hudson

    So, the same thing YouTube and other Google apps have been doing for years? YouTube even has the balls to prompt you with the option to open a link in "Safari", and then proceeds to just show you a webview so they can track you.

  11. Anonymous Coward
    Anonymous Coward

    respect its users' privacy choices

    they have obviously got a different definition of the words

  12. Falmari Silver badge


    "We intentionally developed this code to honor people's App Tracking Transparency (ATT) choices on our platforms," a Meta spokesperson told The Register last month. "The code allows us to aggregate data before it is used for targeted advertising or measurement purposes."

    A Meta spokesperson talking bollocks. The first comment states the code was developed honor people's ATT choices. The second comment does not expand on this or explain how it honors ATT. It states the code allows them to do something else, aggregate* data, nothing to do with honoring ATT.

    The Meta spokesperson might just have well said, 'to respect people's privacy we have to invade people's privacy'.

    *VERB: form or group into a class or cluster.

  13. captain veg Silver badge

    don't get the outrage

    I might be missing something, since I don't use Farcebok or any of its spawn, neither in a web browser nor a mobile app. But I do know this: your use of their web site or mobile app is predicated on your acceptance that they will mine your personal data to the greatest extent possible so as to make their injected advertising as valuable as possible. I know it. You know it. I guess that not everyone knows it, but a significant portion of the userbase does without seeing any problem there.

    If the mobile app embeds some kind of web browser then I would expect it to do the same. If not, then what would be the point?

    Some posters here imply that they make it look like web pages are being opened in the user's choice of browser while in fact being entirely in-app. If so, that's fraud. Seems unlikely, frankly. The necessity (or lack thereof) to switch to another app would seem a dead giveaway.

    If you don't want Meta collecting your data then don't use its crap. I don't. In my view you shouldn't either. "Like" icons and "pixels" on third party sites? Not a problem, since I'm never logged in. Your stupid relative and/or acquaintances volunteering or inadvertently submitting your personal data? That's illegal. This is what we should be concentrating on.

    Whenever I suspect that someone is about to upload, say, a photo with me in it, to social media I insist that they don't. I'm afraid that by and large I'm regarded as some kind of paranoid nutter. This needs to change.


    1. Anonymous Coward
      Anonymous Coward

      Re: don't get the outrage

      "If you don't want Meta collecting your data then don't use its crap."

      I'm afraid you can't 'opt out' because their services are tracking you just about everywhere, so they will eventually figure you are Captain Veg and all this data we collected about 'anonymous user 913415689045643J' is yours.

      You can always sign up with them to opt out and/or use their 'don't track me' add-on, but then they can still figure out what you are doing by tracking your 'opt out', so you are back to square one

      1. captain veg Silver badge

        Re: don't get the outrage

        > their services are tracking you just about everywhere

        Can you explain how?

        I already explained that I'm never logged in, so they can't identify me through pixels, "like" buttons or other embeds. I reject third party cookies and throw the rest away on session close, so they're going to have to try really quite hard to track me that way.


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like