Meta and Yandex Broke Android Privacy

Although their methods differ slightly, Meta (owner of Facebook, Instagram, WhatsApp and other apps) and Yandex (a Russian company that offers Google-like services) both decided that a user saying "don't track me" did not apply to them.

Rather than sending cookie data back to Meta and Yandex, which the user can say no to, they figured out how to send the data locally, on the phone, to their own flagship apps, which then consolidate the data and send it home.

Roughly 6 million websites use Meta tracking pixels and 3 million use Yandex pixels.

A Meta spin doctor said they stopped doing that once they were outed. Well, they actually said that they stopped it “upon becoming aware of the concerns”, which I think is a distinction with no difference.

The data collected is very detailed. It includes whether a user shops for a product online, whether they put it in a shopping cart, whether they completed the purchase, and other information tracking a consumer's buying habits.

When Google/Android blocked one technique for doing this, called SDP munging, Meta did not comply with the user's request for privacy. Given the amount of money it stood to lose, it instead figured out a different way around the consumer's privacy settings.

Google shipped “countermeasures” in a May 26th Chrome update. This appears to be a trial to see if Meta and Yandex get the message.

Similar techniques likely work on iOS devices and smart TVs, as well as desktops.

Now that the cat is very publicly out of the bag and the technique likely violates state privacy laws, maybe they will stop doing it.

But given the billions of dollars the advertising data industry represents, don’t count on it.

More interestingly, it is not clear if state AGs are paying attention now. That might be more impactful. A billion-dollar fine in one state, a billion-dollar fine in another state; after a while it adds up.

Meta says it is in communication with Google to discuss a “potential miscommunication” regarding the application of Google’s Android policies. Yeah, I don’t think there was any miscommunication involved.

Credit: Data Breach Today
