As services like setting up VPNs, ad blockers, and private browsing modes keep growing in popularity, privacy issues become ever more important. Features like Incognito Mode might not stop Internet Service Providers (ISPs) from monitoring your web history. But, they are meant theoretically to prevent apps from sharing your most sensitive site visits with other apps and marketing data servers. Android uses a technique called sandboxing to keep a safe distance between programs and thereby stop them from secretly tracking user actions by altering connections.
This is why it is especially troubling that Meta apps like Facebook and other applications use an Android flaw to connect supposedly anonymized website visits with known consumers..Independent researchers’ recent disclosure has prompted both Google and Firefox, the main creators of the most popular browsers on earth, to look into possible breaches of Terms of Service by both Meta and Yandex.
The hidden tracking system makes use of the unsecured nature of localhost connections, which are the communications that happen inside your mobile device to handle app interactions with the operating system. Unlike conventional means for distributing cookies, this exploit may transmit cookies among applications that would otherwise be rightly sandboxed or limited from interacting with one another, without Android’s clear permission. Since Android doesn’t need permission for communication over localhost ports, this sly tracking technique went undetected until recently.
Though it is beyond the scope of technical specifics, the approach has a conceptual similarity to a frequent tracking email method. In this technique, an email is peppered with photographs having distinct identification strings. Opening the email causes your device to send a request to the picture server, which loads the image and provides the unique identifier, alerting the host that you have read the email.
It was in September 2024 when the first evidence of Meta apps making use of the technique emerged. Whereas Yandex has been doing it for over eight years. However, both Meta as well as Yandex did not comment on the matter.
