Researchers Reveal Meta And Yandex Tracked Android Users’ Browsing Identities - 1

Photo by Glen Carrie on Unsplash

Researchers Reveal Meta And Yandex Tracked Android Users’ Browsing Identities

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

Researchers have revealed that Meta and the Russian company Yandex have been using their native Android apps to track users’ browsing data without their consent, bypassing privacy and security protections. Google has stated that it is investigating the abuse.

In a rush? Here are the quick facts:

  • Researchers reveal that Meta and Yandex have been tracking users’ browsing behavior.
  • Meta and Yandex implemented covert tracking into their apps, such as Instagram, Facebook, Yandex Maps, and Yandex Browser.
  • Billions of Android users have been affected, and Google is investigating the case.

According to the report , updated on Tuesday and titled “Covert Web-to-App Tracking via Localhost on Android,” Meta and Yandex gained access to users’ browser metadata, commands, and cookies through localhost sockets on their devices.

“We disclose a novel tracking method by Meta and Yandex potentially affecting billions of Android users,” states the document. “We found that native Android apps—including Facebook, Instagram, and several Yandex apps, including Maps and Browser—silently listen on fixed local ports for tracking purposes.”

The tech companies have been taking advantage of the web-to-app ID sharing method—Yandex since 2017, and Meta since September 2024—bypassing protections including incognito mode, Android’s permission controls, and clearing cookies. After the researchers shared the publication, Meta stopped using the tracking method.

Yandex said the feature considered in the research does not collect users’ personal information and that its only purpose is to provide a more personalized service. The researchers differ and highlight the risks of the used methodology.

“One of the fundamental security principles that exists in the web, as well as the mobile system, is called sandboxing,” said Narseo Vallina-Rodriguez, one of the researchers behind the discovery, in an interview with Ars Technica. “You run everything in a sandbox, and there is no interaction within different elements running on it. What this attack vector allows is to break the sandbox that exists between the mobile context and the web context. The channel that exists allowed the Android system to communicate what happens in the browser with the identity running in the mobile app.”

Researchers noticed the abuse only in Android, but mentioned that it could be implemented on iOS as well.

Other actors have also been targeting Android users. A few days ago, cybersecurity researchers revealed that scammers have been stealing card data through an Android malware called SuperCard X .

Google’s Gemini 2.5 Adds Real-Time Audio And Custom Speech Tools - 2

Image by Firmbee.com, from Unsplash

Google’s Gemini 2.5 Adds Real-Time Audio And Custom Speech Tools

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Google introduced native audio capabilities in the Gemini 2.5 model, which expanded its native support for real-time dialogue and controllable text-to-speech (TTS) generation.

In a rush? Here are the quick facts:

  • Users can control tone, accent, and emotion using voice or prompts.
  • Text-to-speech features allow expressive, multilingual, multi-speaker audio generation.
  • Gemini can ignore background noise and respond only when relevant.

Google announced that users and developers can now use AI for spoken conversations, and produce audio content, through more than 24 language options.

Google states that Gemini 2.5 now generates and understands speech directly in audio, which enables users to interact more quickly and naturally. The model accepts natural language commands to modify its tone, accent, and style, while adding non-verbal features such as pauses and whispers.

The system maintains external tool connectivity through Google Search, and custom APIs, throughout conversations to retrieve relevant information.

The text-to-speech component has also been updated. Users can now control audio generation with advanced features that include emotional tone adjustment, pacing control, pronunciation customization, and multi-speaker audio output. The features work with different content types, including storytelling, announcements, and podcasts.

Google provides Gemini 2.5 Pro and Flash previews for developers through Google AI Studio or Vertex AI. The Flash preview serves for quick and affordable use, but Pro offers enhanced functionality for complex prompts.

Google implemented watermarking through SynthID in all AI-generated audio during development to ensure transparency and conducted risk assessments for safety purposes. The company performed internal and external safety assessments before releasing the system to the public. Google implements these features as part of its initiative to develop multimodal AI systems, which operate between text, image, video, code, and advanced audio.