Meta and Yandex are de-anonymizing Android users' web browsing identifiers
a year ago
- #security
- #privacy
- #tracking
- Meta and Yandex embed tracking code into websites, de-anonymizing visitors by abusing Internet protocols.
- Chrome and other browsers send unique identifiers to native apps, allowing conversion of web identifiers into persistent mobile app user identities.
- The tracking bypasses Android and browser security protections like sandboxing and state/storage partitioning.
- Researchers highlight this as a violation of fundamental security principles, breaking the sandbox between mobile and web contexts.
- Yandex started this bypass in 2017, Meta in September last year, linking browsing history to app account holders.