>bypassing the permission system

On Android you can't make a network service permissioned. And when you make a binder service permissioned it's up to the app itself to specify with what permission a caller needs in order to be able to use the service, or the service can choose to be unpermissioned. Either way apps on Android are free to host unpermissioned services that other apps on the system connect to. Chrome connecting to such a service did not have to bypass a permission since there was no permission protecting it.

▲

immibis an hour ago | parent [-]

What they were caught doing was opening some local port via TCP sockets (let's say localhost:9000) and then advertisements would connect to localhost:9000 to add themselves to your advertising profile even if you were in a private browser, had cookies blocked, or anything like that. Both Facebook and Instagram apps were caught doing it. Now, if they were formally caught by the legal system, they'd go to prison (,in countries other than the USA) so as soon as it made front page HN, they removed it from the apps.

	▲	charcircuit 9 minutes ago \| parent [-]
		>even if you were in a private browser Incognito mode is about not saving data or browser history to your computer. Sites can still identify you if you login or even just from your IP. It's not meant to make you anonymous. This is a common misconception which is why these modes show a big warning explaination when you enable them. >they'd go to prison That's for the courts to decide. The Facebook and Instagram apps may have already gotten consent from the user to share this information.