ADVERTISEMENT

Meta, Yandex caught using tracking tech that de-anonymizes Android users

Security researchers have unveiled a novel tracking method used by Meta and Yandex that effectively de-anonymizes billions of Android users when they browse the web, even using Incognito mode. The tech giants’ apps secretly listen for data from websites through “localhost” connections.

novel tracking method, Facebook, Yandex

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Jun 4, 2025 Updated: 4 June 2025 3 min read
Gintaras Radauskas jurgita vilius Konstancija Gasaityte profile
Don’t miss our latest stories on Google News
Add us as your Preferred Source on Google.

How is this done?

“This web-to-app ID sharing method bypasses typical privacy protections such as clearing cookies, Incognito Mode, and Android's permission controls. Worse, it opens the door for potentially malicious apps eavesdropping on users’ web activity,”
the researchers warn.
fb-network-packets
ADVERTISEMENT

Malware can abuse this and steal the data

“Brave browser was unaffected by this issue due to their blocklist and the blocking of requests to the localhost, and DuckDuckGo was only minimally affected due to missing domains in their blocklist,”
the report notes.

iOS may also be susceptible

Meta stops its activity after the disclosure

ADVERTISEMENT