Recent findings from experts at Radboud University in the Netherlands and IMDEA Networks have revealed that Meta and Yandex have been engaging in covert tracking of Android users. This activity, which occurs in the background of users’ devices, involves monitoring browser activity without consent and utilizing the gathered data within their applications.
Details of the Discovery
Gunes Acar, an assistant professor at Radboud University, noted that this covert data collection was first identified in January. He explained that apps from Meta, such as Facebook and Instagram, alongside Yandex’s offerings like Yandex Maps, were operating in the background of Android devices. These applications were loading scripts that transmitted data back to their respective apps on users’ phones.
According to Dr. Acar, these scripts managed to circumvent Android’s security measures, allowing Meta and Yandex to track users’ web browsing activities without their knowledge or consent. “They are bridging these two worlds that we think are separate; web browsing and mobile app activities,” he remarked, expressing concern over the implications of such practices.
Implications for User Privacy
The implications of this tracking are significant. Narseo Vallina-Rodriguez, an associate professor at IMDEA Networks, emphasized the troubling nature of this discovery, stating, “It’s really concerning because it negates every privacy control that you have in modern browsers and also in modern mobile platforms like Android.” The research indicated that the tracking extended to all major Android browsers, including those in incognito mode.
Google, the owner of the Android operating system, acknowledged the covert activities, confirming to Sky News that Meta and Yandex had exploited Android’s capabilities in ways that violate established security and privacy principles.
Responses from Meta and Yandex
In response to the allegations, Meta stated that it is actively investigating the issue. A spokesperson mentioned, “We are in discussions with Google to address a potential miscommunication regarding the application of their policies.” The company has decided to pause the feature in question while working with Google to resolve the matter.
Conversely, Yandex maintained that it strictly adheres to data protection standards, asserting that the feature under scrutiny does not collect sensitive information and is intended solely to enhance personalization within its apps.
Duration of Tracking Activities
The research indicated that Meta’s tracking activities had been ongoing for approximately eight months, while Yandex’s practices date back to 2017. Tim Vlummens, a PhD student at KU Leuven involved in the research, revealed that Facebook was tracking users on around 16,000 websites when accessed from the EU, while Yandex was active on 1,300 sites.
In light of these findings, Google has already implemented changes to mitigate such invasive techniques and has initiated its own investigation, maintaining direct communication with the involved parties. However, the tech giant did not disclose any potential repercussions for Meta and Yandex regarding their conduct.
Additionally, browsers such as Firefox, Microsoft Edge, and DuckDuckGo were also affected by these tracking practices. Mozilla, the owner of Firefox, along with engineers from DuckDuckGo, are taking proactive measures to prevent any future covert tracking incidents.
