iOS data protection: Instagram and Facebook read along anyway

iOS data protection is of little use on Facebook and Instagram. Because anyone who uses the in-app browser of one of these apps shares their data involuntarily.

iOS data protection is Apple’s top priority. At least if the advertising is to be believed. And certainly Apple has done a lot lately to improve privacy for its users.

However, all efforts remain in vain if a company actively takes action against these protective measures. We’re talking about Mark Zuckerberg again. Because Instagram’s in-app browser can continue to “read” everything.

It is well known that Facebook and thus Instagram “live” on our data. Apple’s announcement that it would strengthen iOS data protection and also introduce stricter rules for apps understandably caused all the alarm bells to ring among the notorious data octopuses.

The overall impact of iOS is a concern for our business in 2022 … in an order of magnitude of about 09 Billions of dollars.

Meta CFO Dave Wehner

These are losses of a magnitude that even a giant corporation like Meta cannot and will not simply put up with. A back door was needed so that at least part of the user data could continue to be used and turned into money. And that without the prior consent of the user.

Instagram appears to intentionally circumvent Apple’s App Tracking Transparency permissions system, which is designed to prevent precisely this type of covert data collection. The well-known app developer and founder of, Felix Krause, has now explained to us exactly how this works in a very detailed PoC (Proof of Concept).

Not only the Instagram app inserts its tracking code into every website accessed

Trotz iOS-Datenschutz: Die Instagram-App fügt ihren Tracking-Code ein
iOS Privacy: Tracking code from Instagram

But not only Instagram iOS shows this unpleasant characteristic. Messenger iOS, Facebook iOS and even Instagram for Android also track your every movement on the web as soon as you open a link via the built-in in-app browser.

According to Felix Krause, the only app from the “meta universe” that cannot be counted among these data octopuses is WhatsApp. Because WhatsApp opens all links in Apple’s iOS Safari browser by default.

This tracking code allows Meta to monitor all our interactions in the in-app browsers of the apps listed above. And all this without the consent of the user or the provider of the website.

The data that we involuntarily and mostly also unknowingly disclose includes, among other things, all the links we clicked on and the pages viewed, a any text selection, your screenshots as well as all form entries such as passwords, addresses and credit card numbers.

With 1 billion active Instagram users, the amount of data Instagram can collect is by injecting the tracking code into any third-party website opened from the Instagram and Facebook app, breathtakingly large.

Felix Krause

Whether Mark Zuckerberg intentionally hides this rather sneaky tracking in the in-app browsers of his iOS apps is a question that Felix Krause doesn’t either can answer. It is also important to him that he cannot prove which data is being transmitted exactly.

I have not been able to prove the exact data that Instagram collects be able. But I wanted to show what kind of data they can get without us knowing about it.

As we’ve seen in the past, if a company can get access to data for free, collect this data without asking the user for permission.

Felix Krause

The chances of Zuckerberg targeting your credit card number or our passwords are more than slim. Still, it’s quite disturbing to know that as a user, you have no control over what happens to your data when using one of these apps.

Cross Platform Tracking

And that despite iOS data protection. This can certainly not be in the spirit of Apple. Luckily, it’s pretty easy to protect yourself from this over-nosy data octopus. Away from the in-app web view is the magic word.

Most in-app browsers provide a way to open the currently rendered website in Safari. Once you land on this screen, just use this option to exit.

If this button is not available, you must manually copy and paste the URL to open the link in the browser of your choice.

Felix Krause

Really not a very nice game by Mark Zuckerberg. But fortunately it’s quite easy to put a stop to the ever-hungry data octopuses. Or how about just uninstalling their apps?

The data octopuses

Because one thing is for sure. Meta will only really make money in the future if they get enough data from us. And they will certainly soon come up with another trick to continue to get our data.

Data that means money and power for all data octopuses. And not to forget, the next data breach is bound to be lurking around the next corner. 😉

Trotz iOS-Datenschutz: Die Instagram-App fügt ihren Tracking-Code ein


Related Articles

Back to top button