Even if you browsed in incognito mode or used a VPN, Meta and Yandex may have still tracked your online activity on Android—without your knowledge or consent.
Security researchers have uncovered a hidden tracking method used by both companies to link your web browsing to your app identity, sidestepping the usual privacy protections Android users rely on.
How They Did It?
The trick involved embedding tracking tools—Meta Pixel and Yandex Metrica—into millions of websites. When users visited these sites on Android devices, the embedded code connected with the companies’ apps (like Facebook, Instagram, or Yandex) through local network channels.
That connection allowed the apps to gather detailed browsing data—like searches, purchases, and form entries—and tie it back to the user’s app identity, even when the user wasn’t logged in through a browser.
This method worked silently, and most users had no idea it was happening.
Why It’s a Big Deal?
- It bypassed incognito mode and VPNs.
- It didn’t ask for user permission.
- It exploited how Android allows apps to set up local network connections.
Meta reportedly began using this technique in September 2024. Yandex had been at it since 2017. With Meta Pixel embedded on nearly 5.8 million websites and Yandex Metrica on 3 million more, the potential scale of this tracking is massive.
What’s Being Done?
Meta has paused the feature and is working with Google to fix the issue. Google says the method violated its own privacy standards and has made changes to prevent it going forward.
Browser developers—Chrome, Firefox, DuckDuckGo—are now racing to build in new protections that stop this kind of cross-app tracking.
What Experts Say?
Privacy advocates call this a major breach of trust. They argue that Android needs stricter rules and tighter app oversight to avoid similar abuses in the future.
Their advice to users: be selective about which apps you install and stay informed about what they might be doing behind the scenes.
This discovery is a reminder that even when you think you’re browsing privately, hidden tech can still be watching. As digital tracking gets more sophisticated, so must the tools—and the rules—that protect your privacy.