Researchers: Meta and Yandex Broke Android Privacy

Web-to-App Pipeline Uses Meta Pixel and Yandex Metrica David Perera (@daveperera) • June 3, 2025

American social media giant Meta and Russian counterpart Yandex each found methods to break through privacy protections enabled by Android users, say academics in newly disclosed research.

See Also: Top 10 Technical Predictions for 2025

The tracking systems use scripts embedded into mainstream websites for gathering visitor metrics: Meta Pixel and Yandex Metrica. The methods, which differ slightly in execution, take advantage of Android permissions to funnel cookies from websites that contain tracking scripts onto Meta or Yandex apps, where web activity data can be consolidated and shipped to remote servers.

Researchers primarily from a science institute in greater Madrid warned Monday that besides violating users' privacy, web-to-app tracking opens the door to a malicious third-party app that could intercept the cookie funneling.

Roughly six million websites across the globe house Meta Pixel and ...