• by Wendy Davis  @wendyndavis, September 16, 2022

Meta was hit with a new privacy lawsuit for allegedly collecting data about smartphone users' online activity by injecting tracking code into the sites people visit through the company's in-app browser.

“Meta does not inform Facebook users that clicking on links to third-party websites from within Facebook will automatically send them to Facebook’s in-app browser, as opposed to the user's default web browser, or that Meta will monitor their activity and communications while on those sites,” California resident Wayne Mitchell alleges in a class-action complaint filed Thursday in U.S. District Court for the Northern District of California.

Mitchell claims in the complaint that Meta violates the federal wiretap law, as well as various California state laws.

The complaint draws on research by security researcher Felix Krause, who reported last month that Facebook and Instagram can track app users who click on links to outside sites -- such as ads or retail sites.

The company can do so because its apps automatically open a Meta browser when people click on in-app links. That browser then injects tracking code into those outside sites, according to Krause.

Meta has not yet responded to MediaPost's questions about the lawsuit, but the company previously told Krause that the injected code helps to aggregate events such as online purchases.

The company also told Krause that its code respects an Apple setting that doesn't allow developers to track users without their explicit consent.

Mitchell claims in the complaint that Meta violates the federal wiretap law, and various California state laws.