Researchers have discovered that Meta and Yandex are using embedded tracking code on millions of websites to de-anonymize users by exploiting legitimate internet protocols. This allows them to bypass Android's sandboxing and browser security protections, converting temporary web identifiers into persistent mobile app user identities. The Meta Pixel and Yandex Metrica trackers pass cookies and identifiers from browsers to native Android apps, linking browsing history to user accounts. Google is reportedly investigating the abuse, which began with Yandex in 2017 and Meta in September.
Researchers have identified that Meta Platforms (META) and Russia-based Yandex are employing embedded tracking code, namely Meta Pixel and Yandex Metrica, across millions of websites to de-anonymize users. This is achieved by exploiting legitimate internet protocols, causing browsers such as Chrome and Firefox to surreptitiously transmit unique identifiers to native Android applications like Facebook, Instagram, and various Yandex apps. This process effectively converts ephemeral web identifiers into persistent mobile app user identities, circumventing critical security and privacy measures like Android's sandboxing and browser-specific state and storage partitioning. Yandex reportedly began this practice in 2017, with Meta implementing it in September of the previous year. This methodology represents a significant breach of web and mobile security principles by breaking the isolation between mobile and web contexts. Google (GOOGL, GOOG) has initiated an investigation into this abuse, which has generated a strongly negative sentiment, particularly for Meta (ticker sentiment -0.9), and signals potential repercussions related to cybersecurity, data privacy, regulatory actions, and legal challenges.
AI-powered research, real-time alerts, and portfolio analytics for institutional investors.
Request a DemoOverall Sentiment
strongly negative
Sentiment Score
-0.70
Ticker Sentiment
