Apple Apple pulls Instagram client 'InstaAgent' malware discovery

I read that this app was also pulled from the Android Play store too.


Sent from my iPhone using Tapatalk

 

I don't know how you protect against this kind of Malware on iOS or Android ( and all others).

If you download an app to grab Instagram photo ( one example), you have to give that app access to your Instagram feed. After that you lost control of your Instagram account.

Tapatalk could do the same. ( so all bad posts were not from me!)


Sent from my iPhone using Tapatalk

 

With a properly implemented OAuth it is possible to give those apps say read-only access. They will also never even see your username & password. It's a pretty common scenario and you may've seen plenty of "sign in with your Google/Facebook/Twitter account" options on different sites. Those types of sign-ins never expose your Google/Facebook/Twitter password to the app and you can revoke the apps access from your Google/Facebook/Twitter at any time.

I don't know what kinds of APIs and OAuth integration Instagram has implemented but it doesn't sound like this app was using OAuth at all.

 

InstaAgent's creator apologises after Apple and Google ban

http://www.bbc.com/news/technology-34797865

@dmapr, arguably you know more about writing code than I. I think most of these tie in apps ask for your permission to access Instagram ( owned by FaceBook now). So doesn't dissolve any protection one might have? One time and forever?


Sent from my iPhone using Tapatalk