Giving Your Passwords To Third-Party Apps: A Lesson From ‘InstLike’

An app promising free likes and followers for Instagram users has harvested the usernames and passwords from over 100,000 people who downloaded the app since June this year. The Apple and Google approved InstLike app directly asked users for their login credentials rather than using the Instagram API, and created a massive ecosystem of botnets that would like random photos and follow random users.

Security firm Symantec  subsequently alerted Google and Apple, who have both removed InstLike from their respective app stores.

This story serves to highlight what can be a tricky situation for both app developers and app users. Any third-party app that you download to enhance or expand your use of a service such as Instagram (or for that matter Facebook, Twitter etc) would need you to login to your account. However, how do you know who you can trust?

If the app developers are playing by the book, any logging in to a network should be done through that respective network’s API. However in reality it’s not hard for people to create something that looks very similar to those login screens, which might convince the slightly less privacy conscious users that they’re logging in through the normal channels. This appears to be what we’ve seen with InstLike, which saw users submitting their usernames and passwords directly to the developers.

It’s tough on the legitimate app developers as well as the users, as stories like this foster an environment of distrust against any app that requires the user to login via an online account. Adhering to the APIs is one thing, but making sure that your audience realises that you are one of the good guys is another.

With more people choosing to remain logged in to their accounts on their own devices, it’s easy what the actual login screens look like. Just to refresh your memory, here are how five of the most common login/authorisation screens appear:

Facebook Authorisation LinkedIn Authorisation Twitter Authorisation Instagram Authorisation Google Login

At SocialSafe your privacy, trust and peace of mind mean a huge amount to us. That is why we never see nor store any of your data, nor do we ever have access to any of your login credentials. All of the content that you choose to back up from your social networks is downloaded directly from the host network in adherence with the respective APIs, and it is stored on your own machine where you have complete control over your data.

If you ever have any questions about how SocialSafe works and what this means in terms of privacy and social network access, then we are always happy to talk to you about this. Just get in touch via one of our social platforms (Facebook, Twitter, LinkedIn, Google+) or leave a comment below.

7 thoughts on “Giving Your Passwords To Third-Party Apps: A Lesson From ‘InstLike’

  1. Intagram Followers! Instagram has more than one hundred Million users, which is obviously a
    good deal! Now do not you wish that a handful of 1000’s of
    the a hundred+ Million customers would comply with you??
    It cant be that challenging to obtain this contemplating the
    mass sum of consumers that use Instagram.

    That’s why I am instructing you all how to get endless Instagram followers!
    I have designed this exclusive instrument which will enable
    you to obtain a mass quantity of followers in a limited sum of time.

    I will be offering this to the local community out there for everybody to use!!
    To get your Instagram Followers, you will need to have to down
    load the plan from the website link underneath (virus scan is supplied under)
    As soon as you have downloaded it, you will just want to adhere to the quick tutorial I have made under!

    As soon as you have accomplished that, you will be
    1 action nearer to receiving 1000’s of Followers!!

    Like

  2. Welcome to the official 3DS Emulator Internet site!

    I’m certain all of you listed here have played video games on a 3DS.
    Really do not you all want you could engage in the sport on a greater display
    screen, these kinds of as your computer? Would not this make the recreation
    simpler and much more satisfying for you?
    I know it did for me!

    With our new 3DS Emulator, it enables customers to Emulate
    any 3DS sport on your pc or cell! This can make the recreation
    a lot easier to perform and so much far more fulfilling!
    Our 3DS Emulator will work with all platforms, such as Personal computer,
    MAC and Mobile! So you can appreciate the sport on any system!

    What makes us special is if you are actively playing on a 3D television or monitor, our EDS Emulator
    has Total 3D assistance! It will also improve the quality on any system,
    so you can enjoy your 3DS sport in Total High definition!

    There is a limited number of these hacks to go about, so don’t skip your chance.

    Right here we have a group of experienced coders constantly doing
    work to hold the 3DS Emulator up to date and doing work for all consumers!

    Like

  3. That of a wonderful graph. Regardless of the best attempts of the Planet Traditional bank your yearly armed
    forces budget provides always counted on Miley Cyrus naked to some
    degree, but today a lot more that will actually.
    From the gentle in this no cost trade need to be analyzed.
    Machiavellian politics is usually rife. Are usually the
    market leaders warranted inside pursuing in addition to retaining political power?
    Researching global interaction since the conclude of the one hundred year might be similar to noticing Miley Cyrus naked right now, and it is similar
    inside the 1800s.

    Like

  4. We are a flock a group of volunteers and opening a
    new scheme in our community. Your website provided
    us with helpful helpful and work on . You have a formidable job and our
    all the neighborhood be grateful to you .
    Undeniably believe that you said . Your favorite reason
    seemed to be on the web simple thing to account of .
    I tell you , i certainly annoyed same as any other people
    people think worries not understand about .
    You controlled and also out everything managed to hit
    the nail on the top without having side-effects ,
    people could take a signal. Will likely be back to get more.

    Thank you

    Like

  5. I must say it was hard to find your site in search results.

    You write awesome posts but you should rank your page higher
    in search engines. If you don’t know how to do it search on youtube: how to rank a website Marcel’s way

    Like

  6. Pls help some guy called me asking to confirm my order for followers and asked for my credit card should I be worried? I didn’t give it to him. I changed my password too.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s