• by Wendy Davis , Yesterday

Meta Platforms should be required to face claims that it engaged in a "brazen plot" to identify people who thought they were browsing the mobile web anonymously, Android users argue in new court papers.

"This case concerns indisputably deliberate conduct that stunned computer scientists, the public, and even Google when exposed last year: a covert scheme by Meta to impermissibly exploit a security vulnerability in Google's Android operating system, which allowed Meta to tie together users' real-world identities and their detailed web browsing activities without consent," counsel for the plaintiffs argues in papers filed late last week with U.S. District Court Judge Rita Lin in San Francisco.

"Meta engaged in this brazen plot to de-anonymize the web browsing activities of many millions of Android mobile device users to build and enrich detailed dossiers linked to their Facebook and Instagram accounts," the attorneys add. "These dossiers were, and remain, highly valuable to Meta, allowing it to leverage and profit from marketing-related inferences about these people at the expense of their reasonable expectations of privacy."

The papers come in a dispute dating to June 2025, when California resident Devin Rose (later joined by other plaintiffs) alleged in a class-action complaint that Meta secretly tracked Android users' browsing activity on mobile websites that embed Meta's analytics pixel, and linked that activity to users' identities.

The lawsuit was filed the same day researchers published the report “Disclosure: Covert Web-to-App Tracking via Localhost on Android,” which said Meta exploited localhost -- a feature that allows software developers to test applications -- to capture Android users' mobile browsing data.

Meta stopped the covert tracking the day the report came out, according to the researchers who authored the report.

Rose alleged that he visited mobile sites with Meta's pixel, including techcrunch.com and wired.com, and that everything he did on those sites -- including the articles he viewed, and searches he conducted -- was collected by Meta and tied to his identity for ad purposes.

The complaint includes claims that Meta violated a California wiretapping law, and engaged in “intrusion upon seclusion” -- a claim that can be brought in California over “highly offensive” privacy violations.

Last month, Meta urged Lin to dismiss the suit. The company raised several arguments, including that the plaintiffs lacked "standing" because they hadn't experienced a "concrete harm" as a result of the alleged tracking and de-anonymization.

Meta specifically argued that the plaintiffs failed to claim they provided "sensitive" data to websites where they allegedly were tracked, and that the plaintiffs consented to the data collection by accepting Meta's privacy terms.

"Meta’s privacy policy broadly discloses that it collects identifiers from advertising partners ... and uses these identifiers to match users’ browsing activity to their Meta accounts," the tech company argued.

The plaintiffs are pressing Lin to reject Meta's contentions, arguing the the alleged privacy violation, if proven true, would in itself be the type of injury that warrants a lawsuit.

They also argue that Meta's various representations about privacy don't put users on notice of its alleged "de-anonymization scheme."

"Because Meta’s de-anonymization scheme was never disclosed, no reasonable person could have consented to it," counsel for the plaintiffs writes.

The Android users are also suing Google for allegedly failing to employ security measures that would have protected people's data.

Google late last month petitioned Lin to dismiss the claims, essentially arguing that the allegations in the complaint, even if proven true, wouldn't show that Google was at fault.

"Plaintiffs seek to hold Google liable for what they claim was a deliberate scheme by Meta to circumvent Android's privacy protections," Google argued. "Yet plaintiffs do not (nor can they) plead that Google knew of, much less participated in or benefited from, the alleged scheme."

Counsel for the plaintiffs countered late last week that the Android operating system had "fundamental flaws" that allowed Meta to circumvent privacy protections.

Lin is expected to hold a hearing in the matter on March 24.