Android Police, the news portal has discovered yet another problematic API misusing application, for Instagram users trying to pry into private accounts’ contents. Following their revelation, a Facebook spokesperson said that the developer would be investigated and sent a cease and desist letter.
Called ‘Ghosty’, with a mere admission of the username and password of an Instagram account you’re accessing the platform from, it shall provide you unapproved access to a private Instagram account. While this is alarming in itself, multiple users, over 5,00,000 to be specific, who downloaded the app probably didn’t feel so.
The app created for itself a self-sustaining mode of operation. For every user who wanted to sign up, they were prompted to invite another to use it. Thereby gaining access to more private accounts that the newest user followed, whose data would be farmed. In doing so the app has violated specifically the rule “You can't attempt to buy, sell, or transfer any aspect of your account (including your username) or solicit, collect, or use login credentials or badges of other users." from Instagram terms of service.
While Instagram’s has said that it will t investigate the developer now, it is unusual that despite being available on the App store for over an year, neither Google nor Facebook executives took any action against