Techly NewsGet the app

Get the latest tech news

Covert Web-to-App Tracking via Localhost on Android


Disclosure: Covert Web-to-App Tracking via Localhost on Android We disclose a novel tracking method by Meta and Yandex potentially affecting billions of Android users. We found that native Android apps—including Facebook, Instagram, and several Yandex apps including Maps and Browser—silently listen on fixed local ports for tracking purposes.

Due to Yandex using HTTP requests for its localhost communications, any app listening on the required ports can monitor the website a user visited with these tracking capabilities as demonstrated by the video above. However, beyond these short-term fixes, fully addressing the issue will require a broader set of measures as they are not covering the fundamental limitations of platforms' sandboxing methods and policies. It is plausible that users browsing the Internet and visiting sites integrating Yandex and Meta’s ID bridging between web and native apps, may not be fully aware of this behavior.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Android

Android

Photo of app

app

Photo of tracking

tracking

Related news:

News photo

Adobe launches beta version of its Photoshop app on Android

News photo

Adobe Photoshop finally launches on Android

News photo

Meta and Yandex are de-anonymizing Android users' web browsing identifiers

« Claude has learned how to jailbreak Cursor
KDE for Windows 10 Exiles – Upgrade your software, not your computer »