Meta and Yandex Apps on Android Have Been Tracking Users in Newly Creepy Ways ⇥ localmess.github.io
We disclose a novel tracking method by Meta and Yandex potentially affecting billions of Android users. We found that native Android apps — including Facebook, Instagram, and several Yandex apps including Maps and Browser — silently listen on fixed local ports for tracking purposes.
Dan Goodin, Ars Technica:
The covert tracking — implemented in the Meta Pixel and Yandex Metrica trackers — allows Meta and Yandex to bypass core security and privacy protections provided by both the Android operating system and browsers that run on it. Android sandboxing, for instance, isolates processes to prevent them from interacting with the OS and any other app installed on the device, cutting off access to sensitive data or privileged system resources. Defenses such as state partitioning and storage partitioning, which are built into all major browsers, store site cookies and other data associated with a website in containers that are unique to every top-level website domain to ensure they’re off-limits for every other site.
The difference between targeted advertising and spyware is there is no difference.
After Girish, et al., disclosed this behaviour, Meta’s apps ceased tracking users with this method, and Goodin said Yandex will also stop. Meta is still under a consent decree struck in 2019 with a $5 billion penalty after violating a 2012 agreement. Executives at Meta do not care about privacy, rules, laws, or common sense. They will keep doing stuff like this. Ad tech is an indefensible industry run by megalomaniacs who would better serve society if they were made to live in a cave under an ice sheet, though I do not care which one.