Apple, Google Remove Instagram Password-Stealing App

A third-party Instagram app designed to steal passwords was briefly the most downloaded app on the Apple App Store before it was removed.

Google was first to remove the app before Apple quickly followed suit. Before the tech giants could act the app had already become the top-grossing app in Apple’s App Store and had been downloaded over 500,000 times from Google Play, writes Liam Tung for ZD Net.

Developer uses Twitter to raise the alarm

An iOS developer known as David L-R was the first to notify the companies about the app, called “Who Viewed Your Profile – InstaAgent.” He took to Twitter to detail how the app was storing Instagram logins and sending them to a remote server.

According to MacRumors InstaAgent became the top free app in the UK and Canada, but was less of a hit in the U.S. While 500,000 downloads were logged from Google Play, Apple does not release download numbers from its App Store. David L-R claims that the number would be vaguely similar on both stores.

The app claimed to be able to show who were the top 100 viewers of your Instagram profile, and would charge over $10 through in-app purposes for the promised capability. This is far from the first time that a malicious app has been brought to the attention of Google and Apple.

App store security a worry for Apple and Google

Google has in fact been criticized for an app review process that many claim is less strict than Apple’s. This time around both tech companies failed to flag the app until many people had installed it and potentially paid money for a non-existent service.

Apple also came in for criticism after dozens of apps in the China app store were found to contain XCodeGhost malware. In this latest case it seems likely that neither company will pay the developer for the downloads that the malicious app received.

Google outlaws malicious scripts in its terms of service, and says “developers must not mislead users about the apps they are selling nor about any in-app services, goods, content or functionality they are selling”. Apple did not comment on the latest case but it is company policy to offer EU customers a 14-day refund period.

There is still hope that affected users will be reimbursed for their purchases.

For exclusive info on hedge funds and the latest news from value investing world at only a few dollars a month check out ValueWalk Premium right here.

Multiple people interested? Check out our new corporate plan right here (We are currently offering a major discount)

About the Author

Brendan Byrne
While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an Msc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala. To contact Brendan or give him an exclusive, please contact him at [email protected]

Be the first to comment on "Apple, Google Remove Instagram Password-Stealing App"

Leave a comment