Menu
Silhouette of a person against a backdrop of horizontal gray and white stripes. The head is slightly turned to the side, and the shoulders are visible. The image has a shadowy, mysterious look due to the contrast between the dark silhouette and the light background.

Meta and Yandex Exploit Android Browsers to De-Anonymize User Data

, , , , , , ,

Meta and Russia-based Yandex have been found to use tracking codes embedded in millions of websites to link detailed browsing histories with persistent identifiers. This practice abuses legitimate internet protocols, causing browsers like Chrome to send unique identifiers to native Android apps such as Facebook, Instagram, and Yandex apps without user knowledge. This allows these companies to bypass Android’s security features and browser protections designed to isolate user data, effectively de-anonymizing users’ browsing activity.

The tracking method exploits Android’s local host communication channels, which are less restricted compared to iOS. Meta Pixel and Yandex Metrica trackers send cookies and other identifiers from browsers to apps via local ports, which the apps monitor silently. This exchange links ephemeral web identifiers to actual user accounts, even in private browsing modes. Meta Pixel has evolved its techniques over time, using protocols like WebRTC and WebSocket to transmit data, while Yandex has been using similar methods since 2017.

Despite some browsers such as DuckDuckGo and Brave implementing blocking measures to prevent these trackers from sending data to local ports, these solutions are partial and reactive. Researchers warn that simple changes in port numbers or methods could bypass current protections. The root issue lies in Android’s unrestricted access to localhost sockets, which lacks user control or notification mechanisms. Experts suggest that a more effective solution would involve stricter platform-level policies and user permissions to limit such cross-context communication.

Neither Meta nor Yandex has disclosed this tracking to website operators or users, raising concerns about compliance with privacy laws such as the EU’s GDPR. While Google is investigating and has taken some mitigation steps, the problem persists. For now, the most reliable way to avoid this tracking is to avoid installing the related native apps on Android devices. The situation highlights the need for stronger privacy controls and transparency in how user data is shared between browsers and apps.

  • Save

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share via
Facebook
Twitter
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap