Source URL: https://yro.slashdot.org/story/25/06/03/205251/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Meta and Yandex Are De-Anonymizing Android Users’ Web Browsing Identifiers
Summary: The text discusses a newly discovered method used by Meta and Yandex that bypasses existing Android privacy protections, allowing these companies to de-anonymize users by linking their web browsing activities to their identities through local communication with their mobile applications. The implications affect privacy and security in mobile computing environments.
Detailed Description: The text reveals a troubling privacy vulnerability involving native Android apps from major companies like Meta and Yandex. Researchers have identified a method that allows these apps to access sensitive user information and activities without consent. Here are the key points:
* **Tracking Method**: Native Android apps (e.g., Facebook, Instagram) are reportedly listening on fixed local ports for data from web browsers.
* **De-anonymization**: By extracting metadata, cookies, and commands from scripts like Meta Pixel and Yandex Metrica embedded on websites, the apps can link mobile browsing sessions to user identities through device identifiers (e.g., Android Advertising ID).
* **Circumvention of Privacy Protections**: This method bypasses typical privacy measures like:
  * Clearing cookies
  * Incognito Mode
  * Android’s permission controls
* **Potential Risks**: The approach also creates an opening for malicious apps to eavesdrop on user activity, highlighting significant security implications.
* **Privacy API Usage**: The JavaScript embedded in web pages can communicate with native applications on the same device via localhost sockets, essentially bridging user identifiers from web interactions to mobile app IDs.
* **Compliance Concerns**: This behavior raises serious issues regarding compliance with privacy regulations and the ethical use of user data.
* **Industry Response**: Following the public disclosure, Meta halted the practice in June 2025, while browsers like Chrome and Firefox are implementing mitigations, indicating the need for stricter OS-level enforcement to safeguard user privacy.
This development emphasizes the importance of robust security measures and the need for vigilance in the evolving landscape of app privacy and user data protection. Security and compliance professionals must be cognizant of these vulnerabilities and advocate for better privacy practices and policies that protect user information and comply with regulations.
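A defender auditing a test device for the behaviour described above (native apps listening on local ports that browser scripts can reach) can start from the kernel's socket table. The sketch below is an added example, not code from the article or the researchers. It parses text in the Linux `/proc/net/tcp` format and reports TCP listeners bound to loopback or the wildcard address, flagging those owned by an Android app UID. The sample rows, function names and the little-endian address decoding (true for typical Android hardware) are assumptions.

```python
import ipaddress
import struct

# Android UID layout (AOSP android_filesystem_config.h): per-user offset, app range.
AID_USER_OFFSET, AID_APP_START, AID_APP_END = 100000, 10000, 19999
TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample rows in /proc/net/tcp format (hex IPv4 address, hex port).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:3039 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10234        0 40001 1
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 1010311      0 40002 1
   2: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40003 1
   3: 0F02000A:A1B2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10234        0 40004 1
"""

def decode_ipv4(hex_addr):
    """Decode the kernel's hex IPv4 field, assuming a little-endian device."""
    return ipaddress.IPv4Address(struct.pack("<I", int(hex_addr, 16)))

def local_listeners(proc_net_tcp):
    """Return LISTEN sockets that a page on the same device could reach via localhost."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the column header
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        addr = decode_ipv4(addr_hex)
        # Wildcard (0.0.0.0) binds also accept connections made to 127.0.0.1.
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        uid = int(fields[7])
        app_id = uid % AID_USER_OFFSET  # strip the multi-user offset
        findings.append({"addr": str(addr), "port": int(port_hex, 16), "uid": uid,
                         "is_app": AID_APP_START <= app_id <= AID_APP_END})
    return findings

def app_owned(findings):
    """Keep only listeners owned by an installed app rather than a system UID."""
    return [f for f in findings if f["is_app"]]

if __name__ == "__main__":
    for f in app_owned(local_listeners(SAMPLE)):
        print(f"app uid {f['uid']} listening on {f['addr']}:{f['port']}")
```

Each flagged UID can then be mapped back to a package name and compared against what that app is expected to expose locally.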