Apple’s approval process for the App Store is supposed to safeguard users, but one slipped through the cracks. An Instagram app named InstaAgent — with nearly 500,000 downloads from the Play Store — was reportedly sending user login info to a remote server.
InstaAgent is supposed to let you know who may have viewed your profile. It seems to have taken your Isntagram credentials and keeping them on a remote server.
If the motives seem unclear, we do know the app was using credentials to log-in and post unauthorized spam images to Instagram. Other than that, we’ll assume the worst just to be safe.
— David L-R (@PeppersoftDev) November 10, 2015
A popular app in the UK and Canada, InstaAgent hasn’t made much headway in the US. It’s not clear how many iOS users InstaAgent has, but another 500,000 or so would likely be a safe assumption.
And of course, if you’re using InstaAgent, it might be time to stop. Be sure to change your password as well.