I’m glad this is being reported. If the phone has a tattle tale it will be abused
The bypass—which Yandex began in 2017 and Meta started last September—allows the companies to pass cookies or other identifiers from Firefox and Chromium-based browsers to native Android apps for Facebook, Instagram, and various Yandex apps. The companies can then tie that vast browsing history to the account holder logged into the app.
Android imposes fewer controls on local host communications and background executions of mobile apps, the researchers said, while also implementing stricter controls in app store vetting processes to limit such abuses. This overly permissive design allows Meta Pixel and Yandex Metrica to send web requests with web tracking identifiers to specific local ports that are continuously monitored by the Facebook, Instagram, and Yandex apps. These apps can then link pseudonymous web identities with actual user identities, even in private browsing modes, effectively de-anonymizing users’ browsing habits on sites containing these trackers.
This is exactly what discord does. If you ever wondered how the f*** a discord link pops open discord without you giving permission, it’s this.
The solution is to not allow localhost connections from the web browser, or use a socksv5 proxy
I’m glad this is being reported. If the phone has a tattle tale it will be abused
This is exactly what discord does. If you ever wondered how the f*** a discord link pops open discord without you giving permission, it’s this.
The solution is to not allow localhost connections from the web browser, or use a socksv5 proxy