Android is pretty liberal with backgrounding relative to iOS. It's iOS that *needs* notifications to do anything meaningful in the background.

I suspect Android lets these sockets stay open as long as they're for something specific - in this case it looks like WebRTC might be allowed so they "munge" the cookie in:

> The Meta Pixel script sends the _fbp cookie to the native Instagram or Facebook app via WebRTC (STUN) SDP Munging.

k00b

security

“Localhost tracking” explained. It could cost Meta 32 billion.

that's spyware... i am a bit surprised android doesn't freeze sockets of background apps.

Actually, doesn’t it? Wasn’t the whole notification trick to keep the app alive necessary to prevent Android from killing sockets?


