After Google and Apple Bans, InstaAgent's Founder Apologises


InstaAgent's creator apologizes following Google and Apple bans By Leo Kelion Technology desk editor



12 November 2015



The developer of an app that posts messages of spam to users' Instagram accounts has said that he made "a terrible mistake".



After another developer flagged that Turker Bayram's InstaAgent app was copying users' names, passwords and photo-sharing service credentials The app was removed from Apple and Google's App Stores.



But although InstaAgent used logins, Mr. Bayram says he is not saving them.



One expert said sending the passwords to a server that was not known was still "highly unusual".



'Not a good idea'



Before it was blocked, InstaAgent was the top app for free charts in several countries including the UK.



The software promised to allow users to check who has visited their Instagram profiles.



On Tuesday, David Layer Reiss, a German iOS developer, posted a series tweets that included evidence InstaAgent was stealing information from users.



Mr. Bayram was unable to explain his actions when he was phoned by the BBC the next day, and then posted a statement online in broken English.



He said the team was developing a new promotion strategy for the service.



The app was charging users the cost of to see more than three people who seen their photos.



Bayram stated that he was working on a feature which would have given full access for free for users who allow an InstaAgent advertisement show up in their feeds. However, Bayram decided to not activate it.



"It was not a good idea," he acknowledged.



"We didn't publish because we discovered that Instagram did not allow private APIs [application program interfaces] to allow applications that are third-party."



He also said that for reasons he "couldn't understand" the code continued posting ads to certain people's accounts.
886LV



"It was a terrible experience for us. He wrote that our application had removed both mobile markets.



He also said that those who have downloaded the app need not be concerned.



"Nobody's password was stolen. Your password [was] never saved [to] servers that were not authorized.



"But every time we apologise... [and in the future] must review the policies of our service providers carefully."



Security worries



Instagram, which is owned by Facebook, has warned users against using such bolt on services.



A spokesperson stated that anyone who downloaded the application should delete it and reset their password.



Security consultant Alan Woodward added that he was still concerned.



"Offering users an application to check who has visited their profile is a traditional method of luring users into installing malware," he said.



"For an app from a third party to send your password to an external server is, at best, an attempt to circumvent the rules of that social media service. It's at best, a means to steal your password for nefarious motives.



"The particular way this app was sending user credentials to an unidentified server is extremely unusual."



Top-charting app 'harvested passwords'



11 November 2015



Instagram



Alan Woodward

Public Last updated: 2022-10-08 09:17:50 AM

About Privacy Terms of Service Features Creator's Guide Buyer's Guide Resume Builder Free Fax Report Abuse
Download on the Apple Store   Get it on Google Play

© 2009-2026 aNotepad.com

aNotepad.com is your everyday online notepad. You can take notes and share notes online without having to login.
You can use a rich text editor and download your note as PDF or Word document.
Best of all - aNotepad is a fast, clean, and easy-to-use notepad online.