An application that would allow users to spy on Instagram
private profiles was removed from the Google Play Store after Facebook took
notice.
Ghosty was an Android app that allowed people to access
some private Instagram profiles, even though the social network’s terms of
service prohibit this action. After Facebook threatened to send a cease and
desist letter, the application was quickly removed from the store.
People who keep their social media accounts private have
to trust companies to respect their wishes. A rogue app should not have access
to that kind of information, and Instagram, in this case, didn’t allow such
access. So how did Ghosty bypass the privacy filters?
We often hear of the takeover of some celebrity’s
Instagram or iCloud accounts, but it’s incorrect to assume they were hacked.
Usually, attackers gain access to other user’s accounts by guessing the
password or by using already-leaked information. Year after year, the list of
the most used passwords remains the same, so it’s no wonder that some popular
accounts are compromised.
In the case of Ghosty, humans are also to blame. The app developer
exploited the one thing that gave him access — people’s trust. Ghosty would
require users to provide access to their profile and invite other people,
according to a BBC report.
When someone with access to a private profile joined the network, everyone
would get the same access. Moreover, the application was running off a
subscription model, charging money.
“Yes, this app violates our terms. This
functionality has never been available through our API,” a Facebook
spokeswoman told the BBC. “We will be sending a cease and desist letter to
Ghosty ordering them to immediately stop their activities on Instagram, among
other requests. We are investigating and planning further enforcement relating
to this developer.”
While the Ghosty app disappeared from Google Play soon
after Facebook’s statement, it’s unclear whether it was voluntary or if it was
taken down.