Comment by immibis

What they were caught doing was opening some local port via TCP sockets (let's say localhost:9000) and then advertisements would connect to localhost:9000 to add themselves to your advertising profile even if you were in a private browser, had cookies blocked, or anything like that. Both Facebook and Instagram apps were caught doing it. Now, if they were formally caught by the legal system, they'd go to prison (,in countries other than the USA) so as soon as it made front page HN, they removed it from the apps.