Welcome to Our WirelessAdvisor Community!

You are viewing our forums as a GUEST. Please join us so you can post and view all the pictures.
Registration is easy, fast and FREE!

Apple Apple pulls Instagram client 'InstaAgent' malware discovery

Discussion in 'APPLE iPhone, iPad Tablets and all iOS Devices' started by palandri, Nov 11, 2015.

  1. palandri

    palandri Former Palm Guy

    Joined:
    Nov 17, 2009
    Messages:
    1,164
    Likes Received:
    845
    Location:
    Chicago
    My Phone:
    Pixel 4
    Wireless Provider(s):
    Project Fi
    charlyee likes this.
  2. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    5,999
    Likes Received:
    848
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    I read that this app was also pulled from the Android Play store too.


    Sent from my iPhone using Tapatalk
     
    palandri likes this.
  3. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    5,999
    Likes Received:
    848
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    I don't know how you protect against this kind of Malware on iOS or Android ( and all others).

    If you download an app to grab Instagram photo ( one example), you have to give that app access to your Instagram feed. After that you lost control of your Instagram account.

    Tapatalk could do the same. ( so all bad posts were not from me!)


    Sent from my iPhone using Tapatalk
     
    palandri likes this.
  4. dmapr

    dmapr Silver Senior Member
    Senior Member

    Joined:
    Dec 4, 2006
    Messages:
    4,434
    Likes Received:
    1,136
    Location:
    Bay Area, CA
    My Phone:
    Pixel XL
    Wireless Provider(s):
    Verizon Wireless; MTS
    With a properly implemented OAuth it is possible to give those apps say read-only access. They will also never even see your username & password. It's a pretty common scenario and you may've seen plenty of "sign in with your Google/Facebook/Twitter account" options on different sites. Those types of sign-ins never expose your Google/Facebook/Twitter password to the app and you can revoke the apps access from your Google/Facebook/Twitter at any time.

    I don't know what kinds of APIs and OAuth integration Instagram has implemented but it doesn't sound like this app was using OAuth at all.
     
  5. viewfly

    viewfly Mobile RF Advisor
    Senior Member

    Joined:
    Jun 22, 2003
    Messages:
    5,999
    Likes Received:
    848
    My Phone:
    iPhone XS Space Grey
    Wireless Provider(s):
    AT&T; Tmobile SIM only
    InstaAgent's creator apologises after Apple and Google ban

    http://www.bbc.com/news/technology-34797865

    @dmapr, arguably you know more about writing code than I. I think most of these tie in apps ask for your permission to access Instagram ( owned by FaceBook now). So doesn't dissolve any protection one might have? One time and forever?


    Sent from my iPhone using Tapatalk
     
    #5 viewfly, Nov 13, 2015
    Last edited: Nov 13, 2015
    palandri likes this.

Share This Page

Copyright 1997-2018 Wireless Advisor™, LLC. All rights reserved. All registered and unregistered trademarks are the property of their respective holders.
WirelessAdvisor.com is not associated by ownership or membership with any cellular, PCS or wireless service provider companies and is not meant to be an endorsement of any company or service. Some links on these pages may be paid advertising or paid affiliate programs.

Positive SSL
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice