Android devices are fan favorites for their customization potential and seamless integration with Google applications. And with Apple in the spotlight for serious privacy concerns, many also hoped Google-owned Android might offer a stronger commitment to data security. 

A recent class action lawsuit says this isn’t the case, claiming Meta utilized Android’s security weaknesses to harvest user data. Plaintiffs allege this was done for targeted advertising and monetary gain—without user consent.

Initially filed by California resident Devin Rose in June 2025, the lawsuit now includes a number of plaintiffs. Google is named as an additional defendant, and web analytics company Yandex Metrica is called out for its alleged participation (though the Russian company is not currently a defendant). 

Notably, plaintiffs demand a jury trial, highlighting the outrage they believe the allegations will provoke. If the threat of a jury trial doesn’t pressure Meta and Google to settle early, a favorable ruling may also provide higher payouts, especially in punitive damages.

Meta Tracking Pixel Lawsuit: The Case Against Facebook and Instagram’s Parent Company

According to the lawsuit, Meta and Yandex “actively breached users’ privacy for their own profit.” The companies are accused of “exploiting holes in Android software to link users’ anonymous online-browsing activity with identifying information saved locally on Meta and Yandex mobile applications on their devices.” 

Meta and Yandex purportedly accomplished this de-anonymization via technology frequently used for advertising purposes: cookies, third-party tracking scripts, and pixels. 

• Cookies are small text files placed on a user’s device by a website to track online activity. Third-party cookies frequently have unique IDs that identify and track users across websites.
• Third-party tracking scripts are pieces of code hosted by an external source placed on a website to collect user data.
• Tracking pixels are invisible, single-pixel images placed on a webpage that gather user and behavior information. 

The Meta Tracking Pixel in particular is named in the lawsuit. It is used by Meta to collect user information (including interests, demographics, and behavior), which is then linked back to their personal Facebook or Instagram accounts. This way, the tech giant is able to associate users’ net-wide activity with their Meta profiles—allowing for targeted advertisements and algorithms. The Meta Pixel is reportedly installed on an astounding 5.8 million websites. 

Google’s Role In The Android Data Tracking Lawsuit

Though the data harvesting and security exploitation were allegedly conducted by Yandex and Meta, Android browsing data should have been protected by Google, plaintiffs say. “Google negligently failed to stop [Meta and Yandex] and misrepresented the privacy protections available to Android users,” states the lawsuit.  

Typically, Meta and Yandex should not have been able to link user app profiles and web browsers under a security principle called “sandboxing,” which says apps and websites must not interact with one another. By operating in their own “sandboxes,” apps and websites are unable to collect data from each other to violate user privacy. 

But the lawsuit says Android’s “overly permissive” operating system allowed developers to bypass this essential security commandment—and that Google is at fault for failing to anticipate the outcome. Yandex and Meta were even allegedly able to overcome actions taken by users to keep their online activity anonymous, such as disabling cookies or using Chrome’s Incognito Mode.  

It’s no surprise that customers trusted Google with their personal information—the powerful corporation has been extremely vocal about data protection. Google makes a variety of claims, like “It’s our responsibility to protect your privacy,” and markets its devices as security-centered. Plaintiffs believe this seemingly performative focus on privacy protection makes Google’s failure to act that much more egregious.

More than broken trust: Meta ECPA Violation and beyond

The class action complaint says that the alleged non-anonymous user tracking violated multiple laws, including the: 

• Electronic Communications Privacy Act
• California Computer Data Access and Fraud Act
• California Invasion of Privacy Act
• Unfair Competition Law
• California Business & Professions Code
• California Consumers Legal Remedies Act

The allegations don’t stop there. Google and Meta are also accused of negligence, unjust enrichment, and invasion of privacy. 

Who Was Affected By The Meta Privacy Violation?

Millions of Android users nationwide may be considered class members under the Facebook Instagram tracking class action. The class action was only recently filed, so affected parties are not yet able to make claims. 

However, you may be eligible if, between September 2024 and June 2025: 

• You used an Android device with Facebook or Instagram apps installed, and
• You visited a website hosting the Meta Tracking Pixel

Though many of the laws allegedly violated appear state-specific, individuals should note that this is not just a California privacy lawsuit. Android users across the United States may qualify to make a claim as the litigation progresses through the legal system.

What’s Next For The Meta Class Action?

The lawsuit is currently in the early stages of litigation, and the road to accountability in these types of cases can be long. Google and Meta may try to have the case dismissed or negotiate a settlement. It’s also possible the case will proceed to trial, as demanded by the plaintiffs. 

Following a potential settlement agreement or favorable trial, class members should be notified of their eligibility to file a claim. Qualifying individuals may receive an emailed notice, mailed postcard, or see the settlement page promoted online.

Meta and Google have yet to respond to the allegations made in the class action lawsuit. Still, their silence doesn’t stop plaintiffs from seeking justice—for themselves and millions of other Android users across the country.