Punctuation isn’t the only thing that slips by unnoticed. Sometimes, it’s your data. Sometimes, it’s your trust. And sometimes, it’s your phone, quietly handing over pieces of your life to apps you aren’t even using.
That’s the situation researchers uncovered recently, when they found that Meta and Yandex had been quietly tracking Android users’ web activity. Not through the usual in-app data collection. Not through a cookie banner or a permissions prompt, but through background scripts running between your web browser and installed apps, completely out of sight.
The discovery came from researchers at Radboud University and IMDEA Networks. What they found wasn’t a glitch or a bug, but a deliberate method for siphoning off browser activity, including from incognito mode and feeding it back into apps like Facebook, Instagram, and Yandex Maps.
Imagine visiting a website while using Chrome or Firefox or even DuckDuckGo, thinking your browsing is compartmentalized. In reality, a script embedded in that site is talking to a local port on your phone. That local port is being monitored by an app. Suddenly, your private browsing session isn’t so private. The app now knows where you’ve been, what you’ve clicked on, and possibly who you are.
The two worlds we like to think of as separate — app data and browser data — weren’t separate at all.
They were holding hands behind your back.
Meta reportedly began doing this around September 2024. Yandex has been doing it for much longer, dating back to 2017. The scope isn’t small either. Meta’s method was detected on over 16,000 websites visited by users in the European Union. Yandex was spotted on 1,300 sites. These weren’t obscure blogs or niche platforms. They were everyday destinations, and whats scary is, the tracking was silent.
Google, which oversees Android, acknowledged that Meta and Yandex were using the system in “unintended ways.” That phrase is doing a lot of heavy lifting. What it really means is that Android’s architecture had a hole in it, and two of the world’s largest tech companies slipped through.
Meta says it has paused the feature. Yandex insists no sensitive data was gathered. Both these responses sound totally rehearsed. The kind of language companies use when they’re not quite sorry, but very interested in not making things worse.
The real problem isn’t just the technical exploit but rather the erosion of control. Users weren’t given a chance to opt in or out. They weren’t informed. There was no toggle, no warning, no prompt. Just dead silence.
It raises a bigger question though: how many other “unintended” uses of our data are quietly running in the background of our lives? If even incognito mode can’t keep the walls up, what protections are left?
This isn’t a story about hackers or leaks or malicious code. It’s a story about design. About companies that know more about the systems than users ever will. And about the quiet ways trust is lost, often not through big scandals, but through thousands of invisible moments that slip by unannounced.
When people say they feel watched, it’s usually dismissed as paranoia. But what if the feeling is just awareness catching up to reality?
That’s the part that sticks with me. Not the code or the cleverness of the exploit. The sheer quietness of it. The way your phone, your browser, and your apps can be working together against you, without making a sound. It’s fucking scary!
Source
Akhram Mohamed is the Editor of Geekhub.co.za and a longtime tech insider who’s spent 20+ years testing, launching, and talking about consumer gadgets. Formerly a VP at Huawei, he now writes with a critical eye and a deep love for tech that actually makes life better. When he’s not breaking down the latest devices, he’s gaming, building businesses, simplifying strategy, or podcasting about real-world leadership. Expect honest takes, sharp insights, and the occasional dad joke.
Follow him on social media: @akreinvented
