Mashable: Studies conducted by researcher Felix Krause show that these browsers embed JavaScript scripts in every page you see.

You may have noticed that clicking on a link in a social media app such as Facebook or Instagram takes you to the site you're interested in inside the app itself, rather than your default web browser. Studies conducted by researcher Felix Krause show that these browsers embed JavaScript scripts in every page you see. Because of this, parent company Meta may be able to monitor your online activity.

Krause said in a blog post that "the Instagram app injects its monitoring code into every page presented, even when you click on an ad." This enables them to record the user's every activity, including the selection of text, links clicked on, screenshots taken, and sensitive information entered into a form (such as a password, address, or credit card number).

Specifically, he looked at iOS versions of Facebook and Instagram. App Tracking Transparency (ATT), introduced in iOS 14.5 by Apple, allows users to decide for themselves whether or not they want to be monitored when they first use an app. Previous statements by Meta have indicated that this feature will reduce their revenue by about $10 billion in 2022.

To quote Meta, the implanted tracking code cared about what ATT customers desired. As one representative explained to The Guardian, "The code allows us to capture user data and then utilize it for targeted advertising or measurement." "No extra pixels are included. Pixels are "programmed" so that we may get conversion events from them. We request permission to save payment information from in-app purchases so that it may be used to auto-fill subsequent forms."

Krause speculated that Facebook wasn't attempting to steal data through the javascript injection. JavaScript injection on any secure site would be impossible if applications instead launched the user's favorite browser, such as Safari or Firefox. On the other hand, he noted that Instagram and Facebook's built-in browsers "function for any website, whether it's encrypted or not."

Krause discovered that, unlike other messaging apps, WhatsApp does not affect other websites in the same manner. Thus, he recommends that Meta do the same with Facebook and Instagram, or at least use Safari or some other browser to access links. That's what the user needs and wants, thus it's the appropriate thing to do.