Meta devised an ingenious system (“localhost tracking”) that bypassed Android’s sandbox protections to identify you while browsing on your mobile phone — even if you used a VPN, the browser’s incognito mode, and refused or deleted cookies in every session.
This is the process through which Meta (Facebook/Instagram) managed to link what you do in your browser (for example, visiting a news site or an online store) with your real identity (your Facebook or Instagram account), even if you never logged into your account through the browser or anything like that.
Meta accomplishes this through two invisible channels that exchange information:
(i) The Facebook or Instagram app running in the background on your phone, even when you’re not using it.
(ii) Meta’s tracking scripts (the now-pulled illegal brainchild uncovered last week), which operate inside your mobile web browser.
I can’t remember which one of my phones, probably a Samsung that had Facebook installed and couldn’t get rid of it. People were like, you can just not open it or something. There’s a good reason I don’t want it on my device.
yup. some samsungs also have a hidden “meta services” app thats not uninstallable too.
I had one of theirs like that. You could disable it instead of uninstall, and this wouldn’t happen, but you couldn’t uninstall it.
The real fun started with Android 12. Google introduced the ability for some preloaded apps to avoid being disabled and prevent ADB shell disable.