Meta called out for tracking Android users across the web without their consent — what you need to know


Academics at the Radboud University in the Netherlands and IMDEA Networks found that Meta has been tracking the web browsing activity of Android users without their knowledge or consent – even when the users were in incognito mode or using a VPN.

As long as the Android owners were logged into Meta's apps, like Instagram and Facebook, Meta was able to track what users watched, clicked or bought in order to serve them more personalized ads.

The behavior was initially spotted in January: the apps were loading a script that sent data back to other apps on the same device, basically bypassing Android's built-in security and privacy features.

A professor at Radboud University realized that the Meta Pixel tracker (present on around 20% of popular websites) had been linked to Facebook and Instagram apps on one of the best Android phones. Instead of sending collected information to Meta, the Pixel tracker was linked to the cell phone apps and to the users' identities as registered to Facebook and Instagram, which allowed the company to bypass security protections enabled on Android devices.

This behavior occurred on all major Android browsers, but Meta says it did stop earlier this week. According to Boy Genius Report, though, Meta has only been using this type of data collection since September of 2024.

Google responded by saying the companies that collected sensitive data in this manner were using Android capabilities “in unintended ways that blatantly violate our security and privacy principles.” Google has also stated that it has implemented changes to mitigate these types of invasive techniques, has launched its own investigation and is in direct contact with the involved parties.

Meta has confirmed that it is in contact with Google by issuing its own statement. The company also confirmed that the tracking did occur but ended earlier this week. Meta also told Sky News it would be looking into the issue and that it was discussing with Google “a potential miscommunication regarding the application of their policies.”

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
