A federal judge on Friday dismissed claims that Meta Platforms wrongly tracks smartphone users who access the web through Facebook's and Instagram's in-app browser.
U.S. District Court Judge Araceli Martinez-Olguin hasn't yet issued an opinion spelling out her reasons for throwing out the claims. Her order allows the smartphone users to amend their allegations and bring them again by Sept. 18.
The ruling comes in a class-action complaint brought last year by Wayne Mitchell and other Facebook users who claimed Meta violates the federal wiretap law, as well as various California state laws, through its in-app browser.
Mitchell and the others sued soon after security researcher Felix Krause reported that Meta can track Facebook and Instagram mobile users who click on links to ads, retailers and other sites. Meta is able to do so because its apps automatically open a Meta browser when people click on in-app links; that browser then injects tracking code into those outside sites, according to Krause.
“The Instagram app injects their JavaScript code into every website shown, including when clicking on ads,” he wrote. “Even though the injected script doesn’t currently do this, running custom scripts on third-party websites allows them to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers.”
Krause added that Meta told him the injected code helps to aggregate events such as online purchases, and that the code respects an Apple setting that doesn't allow developers to track users without their explicit consent.
Meta in March urged the judge to throw out the case at an early stage, arguing that the lawsuit's central allegations -- that the company monitors all activity by users in in-app browsers , and that it violates Apple's no-tracking policy -- weren't supported by Krause's blog post.
Without those allegations, “plaintiffs are left only with the Krause Post’s generalized concern that a custom in-app browser could be used to monitor everything a user does, or plaintiffs’ own speculation that Meta could be doing so through the in-app browser,” the company wrote.