In the early days of the internet, cookies were a novel feature allowing websites to remember user visits, making it easier to continue where one left off. However, their reputation has suffered greatly over time, primarily due to the misuse of cookies for tracking web activity to deliver targeted advertisements.

While browsing activity is usually pseudo-anonymous, a recent report has shed light on how Yandex and Meta are de-anonymizing web identifiers for Android users. The findings indicate that both companies have devised methods to circumvent built-in privacy controls aimed at safeguarding user data.

Although Google has implemented privacy features in Android, such as the Android sandbox, which restricts apps’ access to certain resources, the report claims that Yandex Metrica and Meta Pixel trackers have managed to bypass these protections. They achieve this by transferring cookies and other identifiers from web browsers like Firefox and Chrome directly to native Android applications, including Facebook and Instagram.

Consequently, user activities performed in a browser are linked to their accounts in these apps. Both Meta and Yandex responded to the concerns after they were raised.

Meta stated that they are in talks with Google to clarify a potential misunderstanding regarding policy applications. They expressed that they would pause the feature until the issue is resolved.

Yandex, on the other hand, emphasized its compliance with data protection standards and denied any practices involving the de-anonymization of user data, insisting that the feature in question is solely aimed at improving app personalization. Interestingly, the report suggests that these tracking methods are targeting Android users specifically.

While iOS users are not currently affected, the techniques could still be applicable, potentially mitigated by Apple’s stringent policies on privacy and data protection.