1013

Not sure if this is a good place for this post or not, but here goes.

I reject outbound connections to meta domains at the firewall. I noticed this banking app refuses to prompt for login credentials unless I am on mobile or a public WiFi network. I watched my FW logs and noticed many rejected connections to graph[.]facebook[.]com.

I contacted their support team, but they denied the connection was their app. I shared the screenshot on this post and they closed my case without comment.

I emailed the address on the Google play store and they also denied the connection was their app. I shared the screenshot and they asked if I downloaded the app from the play store, implying the official app doesn't do this, but of course it does.They closed my case without proper resolution as well.

Just thought I'd share this here so people know that some banks make direct connections to Facebook to share analytics, without your knowledge or informed consent, and they lie about it when called on it.

you are viewing a single comment's thread
view the rest of the comments
[-] Yuper@lemmy.world 81 points 1 year ago

I know a software developer that worked for Ally when they were adding this. They all said it was a terrible idea, but were ignored. The reason they claim it’s needed is to track app installs that originate from an ad on Facebook. Since the App Store sits in between the ad click and App launch, there isn’t an easy way to track it without that. But, it shouldn’t be blocking you from logging in.

[-] darthfabulous42069@lemm.ee 43 points 1 year ago

I'd bet you bottom dollar Ally is selling their customers' financial information to Meta, and this is a manifestation of that.

[-] Yuper@lemmy.world 12 points 1 year ago

I wouldn’t doubt it.

[-] nbafantest@lemmy.world 4 points 1 year ago* (last edited 1 year ago)

Might not even be selling it, could just be an arrangement to use some sort of "sign in with facebook" service or even advertise on facebook marketplace/adverts

[-] Risk@lemmy.world 5 points 1 year ago

So you see, Your Honour, we didn't sell Facebook any data - we just sold Facebook the ability to harvest our users data directly.

[-] pexavc@lemmy.world 5 points 1 year ago

I remember we had to build an obj-c wrapper for FB's calls like these because of these crashes, that basically ignored the stall and continued the user's session regardless

[-] static_motion@programming.dev 3 points 1 year ago

Since the App Store sits in between the ad click and App launch, there isn’t an easy way to track it without that.

How does that work exactly? Does the App Store pass along some information to newly installed apps or something? My company's app, which I worked on for some time, also uses an external service to track installs (not Facebook or any social media), but I didn't work on the implementation of it and never really got to grips on how it works.

[-] WhoRoger@lemmy.world 13 points 1 year ago* (last edited 1 year ago)

App store doesn't, the app itself does, that's why this thing is included in it.

  1. You click an ad on FB = you're ID'd by a cookie or login or account on the device or fingerprint or whatever (probably all of the above)

  2. You install the app from app store. Neither the bank or FB knows this.

  3. You launch the app. The integrated FB library reads the cookie or FB account on the device or whatever it can, and pings FB. FB compares this ID to the entries and finds that it was you who clicked the ad.

  4. FB bills bank for an ad click

Another option is there to be a specific FB variant of the app with its own app store entry, but they probably wouldn't do that for something this trivial.

[-] Yuper@lemmy.world 1 points 1 year ago

That’s a good question and I’m not entirely sure. I am just saying what they told me. Sorry!

this post was submitted on 19 Jul 2023
1013 points (91.8% liked)

Technology

59456 readers
3931 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS