New research highlights privacy abuse involving Meta and Yandex
a year ago
- #Android
- #privacy
- #tracking
- International research collaboration uncovers privacy abuse by Meta and Yandex on Android devices.
- Native Android apps like Facebook, Instagram, and Yandex apps listen on local ports to de-anonymize browsing habits without consent.
- Meta’s Pixel and Yandex Metrica bypass Android's privacy protections and Incognito Mode by mapping users' browsing habits to their accounts.
- Tracking has been ongoing since 2017 (Yandex) and September 2024 (Meta), affecting millions of sites.
- Meta uses localhost channels to share browser identifiers with native apps, while Yandex passively captures and aggregates data.
- Yandex apps delay activation of localhost listeners by up to three days, potentially to evade detection.
- Researchers suggest mobile platforms and browsers need to overhaul local port access to prevent such abuses.
- No evidence that Meta or Yandex disclosed these tracking capabilities to website operators or end users.
- Browser vendors like Chrome and DuckDuckGo are implementing fixes based on the research disclosures.
- The only current protection is avoiding apps like Facebook, Instagram, and Yandex apps.