Instagram Stealing App, InstaAgent, Yanked

November 11, 2015
Kevin Lam

An app called InstaAgent was published for both iOS and Android that promised to give users visibility into who’s viewed their profiles. The problem, uncovered thanks to the investigative efforts of a developer named David L-R, was that the app was storing usernames and passwords and then sending them to a remote server. As a result, the app was yanked, but it had already been downloaded about 500k times.

Great work, David! This just underscores the notion that just because an app is on the app store (Google, Apple or Windows) doesn’t mean it is safe to use. When you submit apps to publish, as we have, you just get asked a couple of questions, like what the app does, whether it uses encryption, etc. But neither Google, Apple nor Microsoft audits or checks the security of your app; it’s impossible to review that many apps. So just be careful: when you download and run apps from the app store, make sure they are from companies you trust.