After Apple updated its privacy rules in 2021 to: simply allow iOS users to opt out of all tracking by third-party apps, so many people have chosen the Electronic Frontier Foundation reported that Meta lost $10 billion in revenue the following year.
Meta’s business model relies on selling user data to advertisers, and it appears that the owner of Facebook and Instagram has sought new avenues to continue collecting data at scale and recovering from the suddenly lost revenue. Last month, a privacy researcher and former Google engineer, Felix Krause, claimed that only way Meta tried to recover its losses was by having every link a user clicks in the app open in the browser, where Krause reported that Meta could inject some code, change the external websites, and “anything you do on any website”, including password tracking, without the user’s consent.
Now, in the past week, two class action lawsuits   of three Facebook and iOS users — directly citing Krause’s investigation — are suing Meta on behalf of all affected iOS users, accusing Meta of hiding privacy risks, circumventing iOS users’ privacy choices, and intercepting, monitor and record all activities on third-party websites viewed in the Facebook or Instagram browser. This includes form inputs and screenshots that give Meta a secret pipeline through the in-app browser to access “personally identifiable information, personal health data, text input, and other sensitive confidential facts” – seemingly without users even knowing that the data collection is taking place. .
The most recent complaint was filed yesterday by Gabriele Willis of California and Kerreisha Davis of Louisiana. An attorney on their legal team at Girard Sharp LLP, Adam Polk, told Ars it was an important matter to prevent Meta from getting away with hiding ongoing privacy breaches. In the complaint, the legal team pointed to past misdeeds by Meta in collecting user information without consent, noting to the court that a Federal Trade Commission investigation resulted in a $5 billion fine for Meta.
“Just using an app doesn’t license the app company to look over your shoulder when you click on a link,” Polk told Ars. “This lawsuit seeks to hold Meta responsible for secretly tracking people’s browsing activity through the in-app tracking, even if they didn’t allow Meta to do so.”
Meta did not immediately respond to Ars’s request for comment. Krause told Ars that he prefers not to comment.
Meta Reportedly Secretly Tracking Data
According to the complaints, which are based on the same facts, Krause’s investigation has “revealed that Meta has injected code into third-party websites, a practice that allows Meta to track users and intercept data that would otherwise not be available.”
“Meta is now using this encryption tool to gain an advantage over its competitors and, with regard to iOS users, to maintain its ability to intercept and monitor their communications,” the indictment claims.
According to the complaints, “Meta acknowledged that it tracks Facebook users’ in-app browsing activity” when Krause reported the issue to its bug bounty program. According to the complaints, Meta also confirmed at the time that it uses data collected through in-app browsing for targeted advertising.