Facebook users sue Meta, accusing the company of tracking on iOS through a loophole
Apple's major privacy update to iOS last year made it much more difficult for apps to track user behavior beyond their own borders, but a new lawsuit alleges that Facebook and Instagram parent company Meta kept snooping through a workaround.
The complaint, filed in the U.S. District Court for the Northern District of California and embedded below, alleges that Meta evaded Apple's new restrictions by monitoring users through Facebook's in-app browser, which opens links within the app. The proposed class-action lawsuit, first reported by Bloomberg, could allow anyone affected to sign on, which in Facebook's case might mean hundreds of millions of U.S. users.
In the lawsuit, a pair of Facebook users allege that Meta is not only violating Apple's policies, but breaking privacy laws at the state and federal level, including the Wiretap Act, which made it illegal to intercept electronic communications without consent. Another similar complaint (Mitchell v. Meta Platforms Inc.) was filed last week.
Apple introduced iOS 14.5 in April of last year, striking a massive blow to social media companies like Meta that relied on tracking users' behavior for advertising purposes. The company cited the iOS changes specifically in its earning calls as it prepped investors to adjust to the new normal for its ad targeting business, describing Apple's privacy changes as a "headwind" that it would need to overcome.
In a statement emailed to TechCrunch, a Meta spokesperson said the allegations were "without merit" and that the company would defend itself "vigorously." "We have carefully designed our in-app browser to respect users' privacy choices, including how data may be used for ads," the spokesperson said.
In the new iOS privacy prompt, Apple asks if a user consents to have their activity tracked "across other companies' apps and websites." Users who opt out might reasonably believe that they are on an external web browser when opening links within Facebook or Instagram, though the company would likely argue the opposite.
Security researcher Felix Krause surfaced concerns around Facebook and Instagram's in-app browsers last month and the lawsuit draws heavily from his report. He urged Meta to send users to Safari or another external browser to close up the loophole.
"Do what Meta is already doing with WhatsApp: Stop modifying third party websites, and use Safari or SFSafariViewController for all third party websites," Krause wrote in a blog post. "It’s what’s best for the user, and the right thing to do."