Apple and Google remove third-party Instagram app from their stores for stealing passwords


Posts: 5,682   +43
Staff member

Apple and Google have removed a popular third-party Instagram client called InstaAgent from their app stores after an iOS developer discovered that it was harvesting the usernames and passwords of Instagram members.

The ‘Who Viewed Your Profile – InstaAgent’ app claimed, as the name suggests, to be able to show Instagram users who had viewed their accounts/photos. But according to a series of tweets by Peppersoft developer David L-R, InstAgent had been sending users’ log-in details in cleartext to remote server This address is not connected to Instagram in any way, despite its name. Furthermore, David also discovered that the app could log into users’ accounts and post photos and spam to their feeds.

Although not hugely popular in the US, InstaAgent was downloaded half a million times worldwide and was particularly well-liked in both the UK and Canada, where it became the number one app in its category. Google responded quickly to the discovery, removing InstaAgent soon after its malicious intentions were revealed. Apple took a little longer but finally removed all trace of the app a few hours after David’s tweets.

The incident should serve as a warning to anyone considering downloading similar unofficial third-party apps and services. Apple and Google have yet to comment on how InstaAgent managed to slip past their usually stringent app scrutiny and become so popular in their app stores, although it’s certainly not the first time malicious software has managed to get past the companies’ review process.

Anyone who has downloaded InstaAgent is advised to uninstall the app and change their password. If any other online services use the same login credentials, as so often is the case, then it would be a good idea to change those as well.

Permalink to story.



Posts: 8,645   +3,281
I guess Googles & Apples app scrutiny isn't quite as stringent as they'd have us believe. I guess it's back to the drawing boards again but not before they tell us "We take our customers security and privacy very, very seriously"... again.
Last edited:

alabama man

Posts: 563   +354
Google and stringent app scrutiny.... There's the same asset pack sold 3 times with same name on top sellers list (unitz). It's also sold under 6 different names on steam. The part of renaming asset pack and selling it isn't illegal but it's strange it's 3 times on top seller list under same name with 3 different prices.