A security researcher has made some serious allegations against Meta (previously known as Facebook), Instagram and TikTok, saying their iPhone applications may be capable of tracking everything users type in their in-app internet browsers.
The researcher, ex-Google engineer named Felix Krause, was quoted as saying by the New York Post that all these applications say they don’t breach a user’s privacy or track sensitive user data like credit card information, passwords, and addresses entered through in-app browsers but can do so.
Last week, the researcher published a report on these applications alleging that all the third-party links on their applications can cause various risks to the user.
According to the Mr Krause, users who click on links in the two apps are taken to webpages in an “in-app browser” allegedly controlled by Facebook or Instagram, rather than being sent to the user’s preferred web browser, such as Safari or Firefox.
Explaining it further, he said when Instagram users clicks on links of products sent by their friends as direct message on their iPhones, the URLs open within the in-app browser. If the users decide to buy the products, they must enter their credit card information, shipping address, and other information, all of which can be tracked by Instagram, claimed Mr Krause. The same thing would also reportedly happen if they bought a product from an Instagram advertisement, he added.
The researcher’s claims come amid concerns raised by several regulatory authorities about Chinese-owned TikTok’s privacy and security.
Mr Krause also claimed that Instagram “injects Javascript code into every website shown,” giving them potential access to all of that user data and more – despite the fact that there is no evidence that Instagram, Facebook, or TikTok are recording or saving such data.