fbpx
Login Screen

App developer apologises following Google and Apple ban

Login Screen

App developer apologises following Google and Apple ban

The author of an app that harvested the usernames and passwords from Instagram has offered a public apology for his deeds.

InstaAgent, created by Turker Bayram, was taken down from app stores following the discovery that it had copied personal account details. InstaAgent, which informed users on who had viewed their profiles on Instagram, had risen to the top of the free app chart in the UK and several other countries before being removed.

However, on November 10th, a German developer for the iOS platform, David Layer-Reiss, tweeted evidence that the app was “hacking” personal information.

Bayram was contacted by the BBC the following day, but “failed to explain his actions”, according to its website. The day after, he offered an apology online.

He explained that he had tried to devise a way in which to promote the app, which demanded a fee from users if they wished to view more than three people from the number that had browsed their Instagram pictures. He created a feature that allowed people to use this function for free in exchange for allowing InstaAgent to be promoted on their feeds. He changed his mind, however, stating:

“It was not a good idea. We didn’t publish because we learned that Instagram wasn’t allowing private APIs [application program interfaces] for third party applications’ usage.”

Even so, he said, his app started to post ads to accounts. Adding it was a “terrible experience”, he sought to calm fears by stating that passwords were not saved to unauthorized servers.

Even so, Instagram itself has advised its users to get rid of the app from their devices and change their password. Alan Woodward, a security consultant, said:

“For a third-party app to send your password to an external server is at best a way of circumventing the policy of that social media service. At worst it is simply a means of grabbing your password for nefarious purposes.

“The particular way in which this app was sending user credentials to an unknown server seems highly unorthodox.”

Get in touch

Please enable JavaScript in your browser to complete this form.
Acceptance

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

>

Book a consultation with Engage Web