Meta must face allegations of improper Android user tracking, judge rules
Meta will have to face claims brought by Android users who say the company cynically and stealthily exploited vulnerabilities in Android smartphones to match users’ browsing activity to their Meta social media accounts. Why? For more detailed advertising profiles, of course.

Image by Cybernews.
Meta will have to face claims brought by Android users who say the company cynically and stealthily exploited vulnerabilities in Android smartphones to match users’ browsing activity to their Meta social media accounts. Why? For more detailed advertising profiles, of course.
Most of us have surely noticed that when we search for products on our Android devices, ads for those products soon appear across our Facebook or Instagram feeds.
That’s not an accident, the class action lawsuit claims. Almost a year ago, plaintiffs accused Meta of intentionally – and secretly – circumventing browser protections to better link users’ browsing behavior with their Meta accounts.
The lawsuit was filed the same day that a group of internet security researchers disclosed that Meta had modified its tracking pixels to exploit a communication channel on Android devices typically used for making audio or video calls to tie users’ browsing information to their Meta social media profiles, making users non-anonymous and identifiable.
Now, US District Court Judge Rita Lin has ruled that Meta must face these claims – with pretty straightforward reasoning.
Check if your data has been leaked
“From those allegations of secretive and evasive behavior that were surprising even to technical experts, it is reasonable to infer that plaintiffs did not give Meta permission to evade Android’s sandboxing in this way and that Meta knew it was acting without permission,” the federal judge wrote in the 23-page ruling.
“There is a fundamental difference between using known functionality of a system in an unexpected way and employing subterfuge to exploit design flaws that are not broadly known.”
Most Android users download Meta’s apps, and fewer mobile users use Facebook or Instagram in a web browser.
It’s harder for Meta to link data to accounts if the user isn’t logged in on the web. Moreover, systems like Android operate under a sandboxing principle that is supposed to block one app (say, a browser) from accessing information contained in another app (say, Facebook or Instagram).
The judge also greenlit claims that Google breached its duty of care by designing Android with certain flaws that allowed Meta to exploit the operating system.
According to the plaintiffs, Meta was not content with that status quo. The tech giant allegedly modified its pixel code to get around Android’s sandboxing restrictions by passing data from web browsers to Facebook or Instagram using the communication ports.
In the complaint, the plaintiffs also argued that Meta specifically targeted Google’s Android systems, not Apple’s iOS systems, because Google’s “overly permissive” design enabled Meta to track and identify users without their permission.
It’s probably not an accident that the judge also greenlit claims that Google breached its duty of care by designing Android with certain flaws that allowed Meta to exploit the operating system.
In its motion to dismiss, Meta argued that the plaintiffs gave the company permission to track and identify them by agreeing to Meta’s privacy policy. However, the judge rejected that argument.
“The issue here is not that users had buyer’s remorse, like when users believe something is unlikely to occur simply because a privacy policy used ‘indefinite’ language like ‘may’ instead of will,’” the judge wrote.
“Rather, a reasonable user in this scenario could believe that the conduct at issue would never occur.”
Since last year’s revelations caused a stir in the tech world, with Google and Mozilla expressing outrage at Meta’s actions, the company has stopped using the aforementioned tracking method.
Unlock more exclusive Cybernews content on YouTube.