Wait, so any app on Android with network access can just open a localhost port and then a browser script can share all your private browsing data via that port? Even on GrapheneOS? How is that not restricted?? What's stopping your banking apps or "sandboxed" Google Play store from doing this and tracking everything?
https://www.theregister.com/2025/06/03/meta_pauses_android_tracking_tech/
Based on the article, it sounds like those websites need to be running a script to do such things. Meta is in far more places than you'd expect. So what's stopping your banking app? The fact that other sites have no reason to run anything from your bank.
@Alexstarfire but that ignores that vast interconnected world of ad tracking. They sell services to easily bundle into apps and put their trackers all across the web. I have little doubt that this is currently or will soon be exploited elsewhere if marketers are aware of the technique.
If they can inject such things into the ads, then sure. I don't know if that's possible.
@Alexstarfire I mean isn't it literally just a standard network connection but to 127.0.0.1? Don't even need JavaScript to do that.
You'd need a script in the ad to send stuff to the port. Info doesn't just magically appear at the port you're listening to.
I don't know enough about ads to know if that's possible. I also don't know what info that ad would have access to. It wouldn't be very useful if it didn't have access to any info about the site serving the ad.
@Alexstarfire it simply requests random_unique_ID.jpg... The app doesn't even have to respond - it just takes note of the unique ID. Or in Meta's case the website just sent a ping and got back a simple HTTP status 200 message. That was enough to confirm you had Facebook installed.
There's absolutely nothing stopping the app from serving up actual data, like a credit score from your banking app for example.
Why would the app do anything like that? The same company is on both sides of this. They already have that data. The point is to link data from your browser to data they already have about you.
They sell the info to the website! It's a service. Ad networks. You can look up how this stuff works.