On June 3, 2025, Meta announced the suspension of a controversial Android tracking mechanism following revelations by a group of European researchers. The feature, which leveraged the Android “localhost” environment, raised serious concerns about user privacy and tracking transparency.
How the tracking method worked
According to findings from researchers at IMDEA Networks in Spain, Radboud University in the Netherlands, and KU Leuven in Belgium, Meta’s Android apps—including Facebook and Instagram—were quietly monitoring specific local ports. This allowed them to collect data from scripts embedded in websites, effectively linking mobile browsing behavior to specific user identities.
Bypassing traditional privacy protections
The researchers discovered that Meta’s technique allowed it to capture metadata, session details, and cookie information directly through scripts like the Meta Pixel. This approach bypassed traditional user protections such as private browsing, cookie deletion, and Android permission requests, undermining the overall privacy model of the Android ecosystem.
Meta’s response to the backlash
Shortly after the study was made public, the researchers noted that Meta began disabling the localhost connections used by its tracking scripts. In a statement, Meta confirmed the suspension of the functionality: “We are currently working with Google to clarify the implementation of their policies. Once we became aware of the concerns, we chose to pause the feature while addressing them collaboratively.”
Security updates from browser developers
In response to the discovery, several Android browser vendors moved quickly to patch the vulnerability. Chrome version 137, released on May 26, 2025, introduced new safeguards to block this form of local port tracking. Meanwhile, privacy-focused browsers like Brave and DuckDuckGo also deployed updates to prevent unauthorized localhost access from third-party scripts.
A reminder of the importance of data transparency
This incident highlights the growing complexity of digital tracking and the need for constant scrutiny of background data collection methods. While Meta claims to operate within the limits of Android’s framework, the hidden nature of this tracking underscores how easily user expectations around privacy can be violated without explicit consent.
With major platforms under increasing pressure to prioritize ethical data use, this case serves as a wake-up call for more transparent and user-first tracking policies in mobile environments.
As a young independent media outlet, EOTO.tech needs your support. Follow us and add us to your favorites on Google News. Thank you!
