How to See What Someone Likes On Facebook?

I’m looking to monitor someone’s Facebook activity using a phone monitoring app, but I’m not sure exactly what it can track. For instance, can it show their likes on posts, pages, and reactions, or is that kind of activity limited or restricted?

If I wanted to set this up properly, what steps would I need to follow? Would I need direct access to their phone to install anything, or are there ways to track this remotely? I’m also wondering whether it’s possible to see activity that isn’t publicly visible, like private interactions or content they’ve liked that others can’t see.

Another thing I’m confused about is whether these apps still work if the person uses Facebook through a web browser instead of the mobile app. Does that affect what can be monitored or recorded?

Overall, I’d like to understand what’s realistically possible, what the limitations are, and how reliable these monitoring tools are for this kind of tracking.

Alright, let me be straight with you here. You cannot monitor someone else’s Facebook activity without their knowledge or consent..period.

Here is why this matters technically and legally:

Facebook encrypts all data in transit using HTTPS/TLS 1.3. Even if you were on the same Wi-Fi network, a basic packet sniffer like Wireshark would only show encrypted gibberish from Facebook’s servers. There is no readable data to intercept.

Facebook’s mobile app uses certificate pinning on both Android and iOS. This blocks man-in-the-middle (MITM) attacks even when using tools like mitmproxy or Burp Suite, unless you are working on a rooted/jailbroken device with Frida-based SSL unpinning which is deeply invasive and requires physical device access.

Phone monitoring apps that claim to show ‘social media activity’ operate in one of two ways:

1. They require the target device to be rooted or jailbroken, which voids warranties and is a legal grey area.
2. They are straight-up scams that take your money and deliver nothing.

From a legal standpoint, unauthorised access to someone’s device or account data violates the Computer Fraud and Abuse Act (CFAA) in the US, similar laws in Pakistan (PECA 2016), and the UK Computer Misuse Act. Penalties include fines and jail time.

If you want to monitor a minor child’s Facebook for parental purposes, the only legal method is open and transparent monitoring using parental control software installed with the child’s knowledge, on a device you own. Apps like Qustodio offer Facebook monitoring with child-visible notifications.

For anything else? Not possible legally, not really possible technically, and not worth it.

If you are trying to track a child you are responsible for, talk to them first and use transparent parental controls. If you are trying to track an adult, that is surveillance, and it is illegal.

yo SynapseVector121 is 100% right. i used to work in mobile app security for like 4 years and the number of people who come in asking this same thing…

Facebook does not expose like data through any public API anymore. They deprecated the Facebook Graph API v2.x features that used to let third parties read activity feeds. Since Cambridge Analytica fallout (2018), they locked everything down hard.

So even if you built a legitimate app and got Facebook developer approval, you still could not read another user’s likes. The permissions simply do not exist anymore.

Monitoring apps that claim otherwise are making false promises. I tested a few of these for a security audit at my old job, running on a Samsung Galaxy S21 FE (Android 12 at the time). Not a single one actually pulled real Facebook like data. One was literally just scraping the person’s public profile page and calling it ‘monitoring’.

For the browser vs app question, it makes no difference from a data-access standpoint. Both use the same backend APIs and the same HTTPS encryption. If anything, the browser version is slightly harder to intercept because it does not have a local SQLite cache like the app does.

So yeah. Not happening.

The Short Answer: No, Not Without Their Consent

Let me break this down properly because there is a lot of misinformation floating around, especially about monitoring apps.

How Facebook Protects Like Data

API-Level Restrictions

Since 2018, Facebook severely restricted its Graph API. Version 3.0 and beyond removed the ability for third-party apps to read user likes, reactions, and activity feeds, even with user permission in most cases. The API endpoint GET /{user-id}/likes now requires specific app review approval and only works for the app’s own users, not someone else’s account.

This means there is literally no programmatic way to pull someone’s likes unless they are logged into your own developer app and have explicitly granted that permission.

Device-Level Reality

On Android, the Facebook app stores some cached data in /data/data/com.facebook.katana/ but this path is only accessible with root permissions. On a stock Android 13/14 device like a Google Pixel 7 or Samsung Galaxy A54, this directory is sandboxed and completely inaccessible to any third-party app.

On iOS (iPhone 14, iPhone 15 series), the situation is even stricter. App sandboxing means zero cross-app data access without jailbreaking.

What About the Web Browser Version?

When someone accesses Facebook via Chrome or Safari on mobile, all data is transmitted over HTTPS. The browser stores some cookies and cache data locally, but this is also sandboxed per-browser and not accessible to external apps.

For Parents

If you are a parent and want to monitor your child’s Facebook activity on a device you own, the legal and transparent path involves:

1. Having an open conversation with your child about online safety
2. Setting up parental controls at the device level (Google Family Link for Android, Screen Time for iOS)
3. Using router-level monitoring like Circle Home Plus to see which apps are used and for how long
4. Enabling supervised accounts if your child is under 13 (Facebook actually blocks under-13s, but Instagram has supervised features)

For Account Security (Your Own Account)

If you want to audit your own Facebook activity or see your own like history, go to:
Facebook > Settings > Your Facebook Information > Activity Log

This shows everything, likes, reactions, comments, searches, chronologically.

Adding some context here since I work in network infrastructure (6 years in, currently at a mid-size ISP).

Even at the ISP level, we cannot see your Facebook likes. We can see DNS queries (so we know facebook.com was visited) and connection metadata (IP, ports, timestamps), but the actual payload is encrypted. We literally cannot read what you are doing inside Facebook even if we wanted to.

Deep Packet Inspection (DPI) tools that ISPs use like those from Sandvine can identify that the traffic is from Facebook (via SNI/TLS fingerprinting) but cannot decrypt the content. That is just how TLS 1.3 works. Forward Secrecy ensures that even if someone captures the encrypted session and later gets hold of the server’s private key, they still cannot decrypt past sessions.

So when people say ‘my router can see my activity’, it can see you visited Facebook. It cannot see what you liked or posted.

The only way to do deep content inspection is via an SSL inspection proxy, and that requires installing a custom root certificate on the target device. Which again… requires physical access and cooperation from the device owner.

None of this is a path to secretly monitoring someone.

bro i fell for one of those monitoring apps last year…

Paid like $40/month for mSpy thinking it would show me everything. Set it up on my old Xiaomi Redmi Note 11 (Android 11, not rooted). Know what it actually showed for Facebook? Nothing. Absolutely nothing.

The support team kept telling me i needed to root the phone for social media features. The entire ‘social media monitoring’ feature is LOCKED behind rooting on basically every one of these apps. And rooting a phone that someone is actively using without them knowing? That is not something you can just do casually. It takes hours, it voids the warranty, and the phone would need to be in your hands for a long time.

Even after all that, these apps inject into the Facebook process to read data from memory, which Facebook has started detecting and blocking through its internal security checks. So even rooted devices are increasingly unreliable.

Totally not worth it. Save your money.

I have been in mobile security for close to 6 years, currently working as a senior security engineer. I get asked about this constantly, so let me give a proper technical breakdown.

Facebook’s Security Architecture

Certificate Pinning

The Facebook Android and iOS apps both implement SSL certificate pinning. What this means in plain terms: the app hardcodes the fingerprint of Facebook’s server certificates. If any proxy or interception tool tries to inject a different certificate (as all MITM tools do), the app immediately rejects the connection and fails to load content.

Bypassing this requires:

• A rooted Android device with Magisk installed
• The LSPosed framework + a module like TrustMeAlready or SSLUnpinning
• Or on iOS: a jailbroken device with SSL Kill Switch 2 installed via Cydia

This is not a casual process. And Facebook has started doing integrity checks that detect Magisk and jailbreak indicators, so even these methods are increasingly unreliable on updated versions of the app.

Local Data Storage

On Android, Facebook stores data in /data/data/com.facebook.katana/databases/. There is an SQLite database here that, on older unpatched Android versions, used to store some activity data locally. On Android 12+ with encrypted storage (which is default on all Pixel devices, Galaxy S series, OnePlus 10+, etc.), this database is encrypted at rest using the device’s hardware-backed keystore.

Reading this database without root access is not possible. With root access, you may get partial data — but Facebook has moved more and more processing server-side, so local caches are minimal.

What About Parental Control Use Cases?

For parents who genuinely want to keep kids safe online, the right tools are purpose-built parental control apps that work transparently. These run at the OS level on devices the parent owns and controls, and are disclosed to the child.

Router-Level Monitoring

If all devices are on your home Wi-Fi, a router running pfSense or OPNsense with a logging plugin can give you:

• Time-on-site data for facebook.com
• Total data transferred to/from Facebook
• Connection frequency

This will not show likes or posts, but it gives you behavioral data without any invasive access.

Jumping in here because NeuroFluxis mentioned pfSense and I have actually done this setup at home

Running pfSense on an old Protectli VP2420 box connected to my main router. Set up the pfBlockerNG package with DNSBL and logging enabled.

What it tells me:

• Which devices accessed which domains
• Timestamps and frequency
• Blocked domains (ads, trackers)

What it does NOT tell me:

• What someone posted
• What they liked
• What they searched
• Any content whatsoever

For my situation (I am a parent of a 14 year old), this is actually pretty useful. I can see if the phone is connected to Facebook at 2am when it should not be. I can see if there is unusual data being transferred. Combined with Google Family Link on his Android device (Google Pixel 6a), I get enough insight for responsible parenting without going into full surveillance mode.

But yeah likes, reactions, specific posts? That data never leaves Facebook’s encrypted connection. The router sees nothing of that.

okay so i have a slightly different angle on this.

I do web dev and a bit of browser extension stuff on the side. Someone once asked me if you could build a Chrome extension that automatically logs what the user likes on Facebook. The answer is: you can, but only for the logged-in user themselves, not for someone else.

A Chrome extension with the right permissions can read the DOM of pages the user visits. Since Facebook loads like/reaction data into the DOM, an extension could technically capture ‘User liked Post X’ events by listening to click events or DOM mutations on the reaction buttons.

But here is the key thing: this only works for the person who has the extension installed and is logged in. You cannot remotely install a Chrome extension on someone else’s browser. Extensions are tied to the browser profile, and Chrome Web Store extensions go through review processes that would flag anything designed for covert tracking.

So if someone asked you to install a productivity extension that was secretly logging their Facebook activity… that would technically work. But that crosses into malicious apps territory and is illegal under the CFAA and similar laws everywhere.

Not useful for what OP is asking, but just adding the technical context.

I just want to address the specific question about ‘web browser vs app’ because it keeps coming up.

From a forensics standpoint, here is the actual difference:

Facebook App (Android):

• Leaves more local artifacts: SQLite databases, cached images, SharedPreferences files
• Some of this data is accessible on rooted devices
• But it requires physical access to the device and root

Facebook via Web Browser:

• Less local storage (just cookies, localStorage, browser cache)
• Browser storage is also sandboxed, one browser cannot read another browser’s data, and apps cannot read browser data at all
• In private/incognito mode: even cookies and cache are discarded on close

So from a data recovery perspective, the app leaves more breadcrumbs on the device. But neither version lets you remotely or quietly see what someone liked. The data exists either on Facebook’s servers or briefly in memory, neither of which is accessible without major security violations.

If someone is using Facebook in incognito mode on Chrome on an iPhone 15 Pro? There is basically zero local trace. Gone when the browser closes.

Real talk, I asked something similar like 2 years ago in a different forum and got a bunch of people trying to sell me on monitoring apps. Wasted a week going down that rabbit hole.

Here is what I actually found after testing multiple apps on a spare OnePlus Nord CE 3 Lite (Android 13):

Most of them DO work for basic phone monitoring calls, SMS, location, even basic app usage time. That part is real.

But when it comes to Facebook specifically? Every single one of them showed either:
a) Nothing at all (non-rooted devices)
b) Generic ‘Facebook was opened at 3:14pm’ logs (still useless)
c) Screenshots taken every X minutes (which is actually creepy and invasive)

None of them showed actual likes, reactions, or post content from Facebook. Because as everyone else here has explained, Facebook does not expose that data locally in a readable way.

Save yourself the time and money. If you are trying to have better visibility into what a family member is doing online, a direct conversation is more productive than anything tech can offer here.

One thing nobody has mentioned yet, Facebook’s own built-in tools for your own account.

If the question is about checking your OWN Facebook activity (maybe you forgot what you liked or want to audit your own history), this is all available natively:

1. Go to facebook.com on desktop
2. Click your profile > then ‘Activity Log’
3. On the left sidebar you will see filter categories including: Likes and Reactions, Comments, Posts, Search History, Videos Watched
4. You can filter by date range and export some data via Settings > Your Facebook Information > Download Your Information

The data export (JSON or HTML format) includes your likes, reactions, post history, comments, messages (partially), and more. It is actually quite comprehensive for your own account.

On mobile, same path: Menu > Settings > Your Facebook Information > Activity Log.

This is the only legitimate and complete way to see full like history. It is your own data. Facebook is legally required to give it to you under GDPR (if you are in Europe) and similar frameworks.

Just clarifying in case anyone landed here wanting to check their own activity rather than someone else’s.

The bit about certificate pinning by NeuroFluxis is something more people should understand. I studied this in a network security course last year.

Basic HTTPS: Your device trusts any certificate signed by a recognised Certificate Authority (CA). This is how 99% of HTTPS works.

Certificate Pinning: The app hardcodes which specific certificate it will trust. It ignores the CA system entirely. Even if you install your own CA (what all MITM tools do) and sign a fake certificate for facebook.com, the app sees ‘this cert was not pinned, reject it.’

This is why tools like Charles Proxy or mitmproxy work fine on regular HTTPS traffic but fail on pinned apps without additional exploitation steps.

Facebook implemented this specifically to prevent third-party snooping on its traffic, including from device owners themselves. You cannot read your own Facebook traffic in transit even if you try on your own device without bypassing pinning.

So yeah. Even technically sophisticated users with legitimate reasons cannot easily do this. For someone without those skills trying to do it covertly? Completely out of reach.

If the actual concern is keeping a teenager safe on Facebook, here is a workflow that actually works and does not require any grey-area tools:

Step 1: Device ownership matters. If the device belongs to you (as a parent), you have legal authority to install monitoring software on it with disclosure.

Step 2: Set up Google Family Link (Android) or Screen Time (iOS) at the device level. Both give you app usage time breakdowns, including time spent on Facebook.

Step 3: Use router-level DNS filtering. Cloudflare for Families (1.1.1.3) or OpenDNS FamilyShield can block or log DNS queries at the network level. Free, no hardware required.

Step 4: Enable the Facebook Supervision feature. Meta has a built-in supervision tool for teens. The parent account can see who they are messaging, set daily time limits, and get activity reports. It is opt-in and the teen knows about it.

Step 5: Talk to them. Seriously. Every security researcher I have met says the most effective thing is communication, not surveillance.

None of this shows specific likes in real-time. But you get meaningful safety oversight without breaking the law or your relationship.

late to this thread but just want to say this is probably the most technically accurate forum discussion I have seen on this topic

Every reply in here is solid. And the fact that so many monitoring app companies are still marketing ‘Facebook like tracking’ as a feature in 2025 is genuinely misleading.

I checked the landing pages of a few of these apps recently and they all have vague language like ‘view social media activity’ without explaining that this means app-open timestamps at best and requires root at worst. Classic dark pattern marketing, technically not lying but absolutely misleading.

For anyone who ended up here from a search engine: the short version is
— Facebook like data is encrypted, server-side, and not exposed to third parties
— Monitoring apps cannot access it on non-rooted devices
— Legal parental monitoring exists through transparent tools like Google Family Link and Meta’s own supervision features
— Any app claiming otherwise is overselling what it can actually deliver