Latest news with #Yandex
Sky News
a day ago
- Business
- Sky News
Meta found 'covertly tracking' Android users through Instagram and Facebook
Meta and search engine company Yandex have been "covertly tracking" Android users in the background of their devices, according to experts. Academics at the Radboud University in the Netherlands and IMDEA Networks said they discovered Meta and Yandex have been tracking Android users' browser activity without their consent and then using the data in their apps. Meta said it was looking into the issue, while Yandex denied collecting any sensitive data. Gunes Acar, assistant professor at Radboud University, said the "covert" data collection was spotted in January. He said he discovered Meta's apps, including Facebook and Instagram, and Yandex's apps, such as Yandex Maps, were sitting in the background of Android devices and loading a script that sent data locally back to apps on users' phones. The scripts bypassed Android's security measures and meant that Meta and Yandex could track what users were doing on web browsers, without the user consenting or even knowing, according to the expert. "They are bridging these two worlds that we think are separate; web browsing and mobile app activities," Dr Acar told Sky News. "That's very shocking." The apps were able to track users' browser data on all major Android browsers, even if the user was in incognito mode, the academics said. "It's really concerning because it negates every privacy control that you have in modern browsers and also in modern mobile platforms like Android," said Narseo Vallina-Rodriguez, associate professor at IMDEA Networks, to Sky News. Google, which owns the Android operating system, confirmed the covert activity to Sky News. It said Meta and Yandex used Android's capabilities "in unintended ways that blatantly violate our security and privacy principles". What have Meta and Yandex said? Meta told Sky News it was quickly looking into the issue. "We are in discussions with Google to address a potential miscommunication regarding the application of their policies," said a Meta spokesperson. "Upon becoming aware of the concerns, we decided to pause the feature while we work with Google to resolve the issue." Yandex said it "strictly complies with data protection standards", adding: "The feature in question does not collect any sensitive information and is solely intended to improve personalisation within our apps." Meta appeared to have been doing the data tracking for around eight months, while Yandex had since 2017, the academics said. "We found that Facebook was doing it on roughly 16,000 websites when visited from the EU, [...] Yandex was doing this on 1,300 websites," said Tim Vlummens, a PHD student at KU Leuven who worked on the research. Google told Sky News it had already "implemented changes to mitigate these invasive techniques and have opened our own investigation and are directly in touch with the parties". The tech giant did not respond when asked what repercussions Meta and Yandex were facing for their conduct. Firefox, Microsoft Edge and DuckDuckGo browsers were also affected, with Firefox owner Mozilla and DuckDuckGo engineers taking action to stop any future covert tracking.
Arabian Post
a day ago
- Business
- Arabian Post
Meta and Yandex Exploited Android Loophole to Track Users Across Browsers and Apps
Meta and Yandex have been found to exploit a loophole in Android's architecture, enabling them to de-anonymize users' web browsing activities by linking them to persistent app identities. This tracking method bypasses standard privacy protections, including incognito mode and cookie clearing, raising significant concerns about user privacy. Researchers from Radboud University, IMDEA Networks, and KU Leuven discovered that Meta's Pixel and Yandex's Metrica tracking scripts, embedded in millions of websites, communicate with their respective Android apps via the device's localhost interface. This communication allows the apps to receive browsing data directly from the browser, effectively linking web activity to user identities within the apps. The tracking mechanism operates by having the browser-based scripts send data to specific ports on the localhost interface, where the apps are listening. For instance, Meta's apps listen on UDP ports 12580–12585, while Yandex's apps use ports 29009, 29010, 30102, and 30103. This setup enables the apps to collect browsing data, including cookies and metadata, even when users employ privacy measures like incognito mode or VPNs. ADVERTISEMENT Meta began implementing this method in September 2024, while Yandex has utilized a similar approach since 2017. The widespread use of Meta Pixel and Yandex Metrica—estimated to be present on 5.8 million and 3 million websites respectively—suggests that a vast number of Android users could be affected. The discovery has prompted responses from major browser developers. Google has initiated an investigation and is working on mitigations to prevent such tracking techniques. Mozilla is also developing solutions to protect Firefox users on Android from this invasive tracking. Meta has paused the functionality in question and is in discussions with Google to address the issue. Privacy advocates and experts have expressed alarm over the findings. The method's ability to circumvent standard privacy controls and its potential to be used by malicious actors for surveillance underscore the need for stricter enforcement of privacy standards and greater transparency from tech companies regarding data collection practices.
The Hindu
a day ago
- Business
- The Hindu
Meta and Yandex violating privacy of Android users to track data: Report
A group of researchers have found that Meta and Russia-based search engine Yandex are bypassing privacy protections to track Android user data too closely. A report by Ars Technica has cited the findings saying that the tracking code embedded by Meta and Yandex into websites was sending unique identifiers from web browsing data to localhost ports using native apps installed on a device. 'These native Android apps receive browsers' metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of websites,' the researchers noted. 'These JavaScripts load on users' mobile browsers and silently connect with native apps running on the same device through localhost sockets.' The native apps were able to link mobile browsing sessions and web cookies to user identities since they handle device identifiers like the Android Advertising ID and user identities on Facebook and Instagram. Sandboxing is one of the primary ways to secure user data by isolating processes and preventing them from interacting with the OS or any other apps installed. Yandex and Meta started breaking the sandbox and bypassing it in 2017 and last September respectively. The researchers also found that the trackers, Meta Pixel and Yandex Metrica were targeting only Android users which unlike iOS has lesser restrictions in the app store as well as on the background executions of mobile apps. Google responded to the report saying they are investigating the violations and that the companies used 'capabilities present in many browsers across iOS and Android in unintended ways that blatantly violate our security and privacy principles.'
Mint
2 days ago
- Business
- Mint
Nvidia-backed Nebius raises $1 billion in convertible debt
Nvidia-backed cloud operator Nebius Group NV, spun out from Russian internet giant Yandex, said it has raised $1 billion in convertible debt to expand its operations next year. Amsterdam-based cloud computing services company plans to use the capital to finance additional infrastructure and expand its data-center footprint. The notes are in two tranches: $500 million in convertible notes due in 2029 and $500 million due in 2031, the company said in a statement on Monday. The notes will convert into equity on the basis of the original, principal amount of the debt. Last December, Nebius had raised $700 million from investors including Nvidia Corp. and Accel Partners. Nebius Chief Executive Officer Arkady Volozh had said at the time that he anticipated raising more this year as the company works to expand its 'GPU clusters' — a package of specialized AI chips and cloud services within data centers, reported Bloomberg. Last year, the company renamed itself after selling its business in Russia, which included Yandex's popular Russian search engine, amid geopolitical pressure and sanctions following Russia's invasion of Ukraine. Goldman Sachs is acting as the sole placement agent and the notes will go to qualified institutional buyers, the company said. Earlier in May, Nvidia had reported a larger-than-anticipated stake in Nebius' rival CoreWeave Inc. Nvidia, the world's most valuable chipmaker, disclosed a holding of 24.18 million shares, or about 7% of outstanding stock, as of March 31. That stake, included in a 13G filing, compared with a 5.2% figure in CoreWeave's prospectus. The amount showed how Nvidia supported CoreWeave's late-March initial public offering, acquiring about 6 million shares to add to its existing holding. Santa Clara, California-based Nvidia, which has fast become one of the most influential companies in Silicon Valley, anchored the IPO with an order of about $250 million, Bloomberg had reported. The Livingston, New Jersey-based company is accelerating capital spending to meet demand for its services.
Android Authority
2 days ago
- Business
- Android Authority
This Android loophole could have let your apps spy on your web browsing
Edgar Cervantes / Android Authority TL;DR New research suggests that Meta and Yandex used a loophole in Android to link web browsing data to app identities. The method bypassed incognito mode, cookie clearing, and other privacy protections. Researchers say the only sure fix for now is uninstalling the affected apps. You've long been reassured that using incognito mode or clearing cookies on your Android device will help prevent advertisers from tracking your web activity. However, new research shows that this may not be true, especially if you have certain popular apps installed. As reported by Ars Technica and disclosed by researchers behind the Local Mess project, both Meta and Russian tech giant Yandex have been found to be using methods that allow web browsing to be linked with app identities on Android. The researchers found that this tracking method exploits the way Android allows browsers and apps to communicate on the same device. The tracking scripts involved in this controversy are Meta Pixel and Yandex Metrica, which are embedded in millions of websites. While these tools are meant to help site owners measure engagement, the research shows they were being used to pass hidden messages from a browser to apps like Facebook, Instagram, and Yandex Maps using local network connections on your phone. If you were logged into any of those apps, they could pick up a unique ID from your browsing session and link it to your account, even in incognito mode. Meta began using this technique in late 2024, but Yandex has reportedly been doing so since 2017. That's a big problem because it circumvents most common privacy protections. It doesn't matter if you clear your cookies, avoid logging into sites, or browse in private mode. As long as the relevant app is installed and quietly running in the background, the company can still learn what websites you're visiting. The loophole works by sending browser data to localhost — an internal part of your phone's network setup that apps can access. Android doesn't notify users or prompt for permission when this a website with Meta Pixel or Yandex Metrica loads, it can trigger a connection to those apps via localhost, quietly sending data along the way. Meta began using this technique in late 2024, but Yandex has reportedly been doing so since 2017. Meta told Ars Technica that it had paused the feature and says it's working with Google to resolve what it describes as a 'potential miscommunication' over how the policies should apply. Google stated that the tracking behavior violates Play Store policies and Android users' privacy expectations, while Yandex hadn't yet responded to the publication's request for comment. Browsers like Brave and DuckDuckGo already blocked some of this behavior, and Google has started rolling out updates to Chrome that shut down the specific methods used. But the researchers caution that these fixes are temporary. A few tweaks to the code could get around them, unless Android adds more fundamental restrictions on how apps can access local ports. Meta Pixel and Yandex Metrica are widespread, appearing on almost six million and three million websites, respectively. According to the study, the vast majority of sites with these trackers begin collecting this data as soon as you land on the page, often before any consent pop-up appears. If all this sounds invasive, that's because most people would agree that it is. According to the research team, the only surefire way to block this kind of Android tracking right now is to uninstall the affected apps entirely. Got a tip? Talk to us! Email our staff at Email our staff at news@ . You can stay anonymous or get credit for the info, it's your choice.
