Researchers have uncovered a new cross-context tracking technique that impacts billions of Android users, exploiting localhost sockets to link web activity to native app identifiers without user consent. Major companies like Meta and Yandex have ceased these practices, but the discovery highlights ongoing privacy challenges in mobile and web tracking. #MetaPixel #YandexMetrica
Keypoints
- The tracking technique uses localhost sockets to connect web activity with native app identifiers secretly.
- Meta and Yandex exploited this method to track users across web and app environments without consent.
- Meta’s Pixel script and Yandex’s Metrica script initiated local socket communication on over 78% and 84% of tested websites.
- Browser updates from Chrome and Firefox now block the ports used for these malicious communications.
- The researchers emphasize the need for stronger privacy protections and transparent SDK documentation from tech companies.
Read More: https://securityonline.info/androids-secret-tracking-meta-yandex-abused-localhost-for-user-data/