One of the biggest concerns for users online, is the ability of almost anything you open on the internet, to track you, despite leaving the page you initially landed on. Same is true for most apps you download. Meta’s universe of social media apps in particular, is pretty notorious when it comes to tracking user behaviour, and then using that data for targeted advertising. To allay these fears, companies such as Apple have taken steps to make it difficult for apps and platforms to track the activity of users on the internet, but as it seems, these measures are not enough.

It is social media company Meta that is now in the hot-seat, and has been sued by a bunch of Facebook users, for allegedly exploiting a loophole in Apple’s privacy update to iOS and tracking the internet activity of users.

Two Facebook users have filed a class-action complaint on Wednesday in in the U.S. District Court for the Northern District of California alleging that Meta had skirted past Apple’s measures to protect user privacy and violated laws both at the state and federal level, laws that capped the unauthorized collection of personal data. This follows a similar complaint filed in the same court last week.

The complaints inform that Meta skirted past Apple’s security measures, tracked users, and intercepted their data by injecting javascript code into third-party websites.

For reference, the update brought to iOS by Apple last year requires all third-party apps to obtain consent from users before tracking their activities. Users had the option to opt out of all the tracking, and so many people did. That opt-out apparantly led to Meta loosing nearly $10 billion in revenue in 2022. This was a massive blow to social media companies such as Meta, which heavily employ targeted advertising for its users. It is thus evident that the company was desperate for new ways to collect, analyse, and utilize user data.

In a report, security researcher and former Google engineer Felix Krause alleged that Meta sought to recuperate from the losses by injecting code into third-party websites, which would allow the company to freely harvest user data without the consent of the users. Both lawsuits, which are suing the company on behalf of all the iOS users who have been impacted, draw from Krause’s report.

By directing users who click a link in the Facebook app to an in-app browser instead of default browser of the smartphone, Meta “eavesdrops” on users, tracks their activities on the internet, and collects personally identifiable and sensitive information. It appears that most users are unaware of the tracking and thus freely share personal information with these websites.

“Meta now is using this coding tool to gain an advantage over its competitors and, in relation to iOS users, preserve its ability to intercept and track their communications,” the complaint alleges.

The complaints add that Meta has not denied it, and acknowledged that it tracks the in-app browsing activity of Facebook considerable user base. It also confirmed that it uses the user data that it collected for targeted advertising.

However, a Meta spokesperson informed that the allegations were “without merit” and that the company would defend itself “vigorously.” “We have carefully designed our in-app browser to respect users’ privacy choices, including how data may be used for ads,” the spokesperson said.