alt Hacker NewsYes, but if the concern is not mixing business and personal compartment of the phone, business sites would hopefully not embed a Meta tracking pixel.
> The takeaway is that for all intents and purposes, anything you did in a private session or secondary profile on an Android device with any Meta app installed, was fully connected to your identity
Definitely, and that's a huge problem. I just don't think Android business profiles are a particular concern here; leaking app state to random websites in any profile is the problem.
Or do Android "business profiles" also include browser sessions? Then this would be indeed a cross-compartment leak. I'm not too familiar with Android's compartment model; iOS unfortunately doesn't offer sandboxing between environments that way.
Replies
> do Android "business profiles" also include browser sessions
I believe that is typical.
My business profile has it's own instance of Chrome. Mostly used for internal and external sites that require corporate SSO or client certificates. Of course it could be used to browse anything.
While I agree with your reasoning, in my experience any statement where I prepend "hopefully" usually ends up being the worst possible interpretation in practice.