I thought Facebook/Instagram used a WebView for their in-app browser on both iOS and Android? Which means they can do anything they want, including exfiltrate your browsing.
Safari View Controller keeps the users cookies from Safari and prevents this behavior. For most apps, keeping users logged in without leaving the app is preferred, so they give up the ability to inspect the contents of the page.
GP a was referring to a specific “web view” implementation that offers an almost-complete browser implementation and security on iOS. Facebook does not use this but a regular WebView
