Instagram’s new API policy toughens access to its feed

Instagram has announced a number of significant changes to its API policy, effectively making it a lot harder for third-party developers to gain full access to its application program interface.

It explained that these platform modifications are about “improving people’s control over their content”.

Starting in December, Instagram will begin to review existing and new apps before it decides to grant full API access.

“We’ve heard from the community that it can be unclear where their content is being shared and viewed, so today we are deprecating the /users/self/feed and /media/popular API endpoints for new apps,” the photo and video sharing social network went on to say.

“Existing apps will have until the end of the review period before access to the endpoints is terminated.”

“Existing apps will have until the end of the review period before access to the endpoints is terminated.”

Interestingly, news of this comes on the back of the revelation last week that a malicious app was storing details from the service’s users – including names and passwords – without them knowing about.

It was then sending this information to an unknown server and, worryingly, this data was not encrypted.

The app, which went by the name InstaAgent, marketed itself as offering Instagram fans the ability to find out who had viewed their account.

It was unsurprisingly popular on its launch. Available on both Apple’s App Store and Google Play, it became, at one point, the most downloaded free app in the UK and Canada.

The app has since been taken off both websites, but it is likely that hundreds of thousands of Instagram users have been compromised as a result of downloading InstaAgent.

“These types of third-party apps violate our platform guidelines and are likely an attempt to get access to a user’s accounts in an inappropriate way,” Instagram told the BBC on November 11th.

“We advise against installing third-party apps like these. Anyone who has downloaded this app should delete it and change their password.”

Author , We Live Security

Follow us

Copyright © 2016 ESET, All Rights Reserved.