Meta Platforms was sued for allegedly building a secret workaround to safeguards that Apple launched last year to protect iPhone users from having their Internet activity tracked.

In a proposed class-action complaint filed on Wednesday in San Francisco federal court, two Facebook users accused the company of skirting Apple’s 2021 privacy rules and violating state and federal laws limiting the unauthorised collection of personal data. A similar complaint was filed in the same court last week.

The suits are based on a report by data privacy researcher Felix Krause, who said that Meta’s Facebook and Instagram apps for Apple’s iOS inject JavaScript code onto websites visited by users. Krause said the code allowed the apps to track “anything you do on any website”, including typing passwords.

Responding to the report, Meta acknowledged that the Facebook app monitors browser activity, but denied it was illegally collecting user data.

According to the suits, Meta’s collection of user data from the Facebook app helps it circumvent rules instituted by Apple in 2021 requiring all third-party apps to obtain consent from users before tracking their activities, online or off.

Apple’s privacy changes cut deep into Meta’s ability to collect user data from iOS users, costing it US$10-billion in its first year, according to the Electronic Frontier Foundation.

The Facebook app gets around Apple privacy rules by opening Web links in an in-app browser, rather than the user’s default browser, according to Wednesday’s complaint.