Thomas Steiner 

"We found that native Android apps—including Facebook, Instagram, and several Yandex apps including Maps and Browser—silently listen on fixed local ports for tracking purposes.

These native Android apps receive browsers' metadata, cookies and commands from the Meta Pixel and Yandex Metrica scripts embedded on thousands of web sites."—https://localmess.github.io/

This proposal is related: https://github.com/explainers-by-googlers/local-network-access. You can also replace native apps with PWAs that don't have the power to open servers.

Covert Web-to-App Tracking via Localhost on Android

Jun 4, 2025 at 6:49amWeb
Show threadRiley S. FaelanJun 4, 2025
@tomayac Makes it all the more infuriating that termux can't open a socket for inbound traffic on the local network segment for something like an ssh server.
Show threadMatmar SpaceJun 4, 2025
@tomayac Another reason not to use Facebook and other proprietary apps