I don't use the app and I don't intend to install it to verify your claim. Assuming the description is accurate I regard that as a kind of phishing. Users who fall for it think they are typing their password into some website, but in reality they are typing their password into an app controlled by Meta.
Security aware users can protect themselves against this in the same way they protect against other phishing attacks. If you need to log in on a website you don't do it using a link you received through email, Facebook, or other similar channels.
Instead you open the login page using a browser bookmark. Once logged in you can open the link you received if it is from a trustworthy source. If you are then prompted with a login page you know it's phishing.
This assumes there aren't other security vulnerabilities in the browser or the platform. If the Meta app can access browser data in a way that bypasses the security measures I mentioned here, then that should be regarded as a serious security vulnerability in the browser.
Security aware users can protect themselves against this in the same way they protect against other phishing attacks. If you need to log in on a website you don't do it using a link you received through email, Facebook, or other similar channels.
Instead you open the login page using a browser bookmark. Once logged in you can open the link you received if it is from a trustworthy source. If you are then prompted with a login page you know it's phishing.
This assumes there aren't other security vulnerabilities in the browser or the platform. If the Meta app can access browser data in a way that bypasses the security measures I mentioned here, then that should be regarded as a serious security vulnerability in the browser.