This article was published on November 19, 2019

Instagram cracks down on app that allowed users to stalk private profiles


Instagram cracks down on app that allowed users to stalk private profiles

Instagram is cracking down on an app that allowed users to look into private profiles without their permission.

According to Android Police, the Facebook-owned photo-sharing network has confirmed that the app — named Ghosty — violates its terms. It also added it will be sending a cease and desist letter to the app makers “ordering them to immediately stop their activities on Instagram.”

Available on both Android and iOS, Ghosty describes itself as a means to “view all the profiles you want to view including hidden profiles on Instagram,” alongside letting users download or share photos and videos from Instagram profiles to their devices.

To make matters worse, the app abuses the Instagram API to create a database of user profiles. It not only requires you to sign in with your Instagram login credentials, but also lures you into inviting your friends, at least one of whom also had to sign up.

This way it grants access to the accounts you follow as well as any other private accounts your friends might be following — effectively invading yours and your friends’ privacy.

In other words, Ghosty won’t let you peek into a random private profile, as its reach is technically limited by those of its users who have logged into the app with their Instagram usernames and passwords.

Although the offending app has been taken down from the Google Play Store, a simple Google search shows that it continues to be available on unofficial third-party app stores. On the Apple App Store, searching for the app highlights its name in the autocomplete suggestions, but the app is no longer available.

Ghosty had been downloaded at least 500,000 times on Android since its launch in April. The iOS version, on the other hand, appears to have gone live early October, according to app analytics firm Sensor Tower.

The development comes a week after Apple removed Like Patrol from its App Store, a stalker app that notified users of their friends’ activities — including the posts they had liked and who they had recently followed.

It’s worth noting that Instagram no longer has the “Following” tab, which allowed your friends and followers to see who you have been following and the posts you have been liking on the social network.

The fact that Ghosty harvested user accounts raises serious privacy concerns, and it’s surprising the app sneaked past Apple and Google’s vetting mechanisms. For Facebook, the incident underscores the need for scrutinizing third-party app developers more rigorously before granting them access to its APIs — lest it wants to walk into another Cambridge Analytica.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top