App was apparently sending passwords to an unknown server.
A popular app has been pulled from Apple and Google’s stores after being accused of stealing users’ passwords.
Who Viewed Your Profile-InstaAgent had topped the free app charts in several countries including the UK.
But on Tuesday, another developer posted evidence that it was copying people’s Instagram usernames and passwords and sending them to an unknown server.
He said these were used to post spam to people’s Instagram accounts.
Apple and Google both declined to comment.
The BBC obtained contact details for the app’s creator, who registered the product under the name Turker Bayram.
However, the person who answered the Turkish phone number said he had poor English, did not reply to questions and walked away from the call.
The photo-sharing app Instagram is owned by Facebook. It’s thought that hundreds of thousands of its accounts had been compromised.
Instagram told the BBC: “These types of third-party apps violate our platform guidelines and are likely an attempt to get access to a user’s accounts in an inappropriate way. We advise against installing third-party apps like these. Anyone who has downloaded this app should delete it and change their password.”
To confuse matters, there is another app available for iOS by a different Philadelphia-based developer, which is also called InstaAgent.
It remains available for download, although at least one review suggests people are confusing it with the pulled product.
“I wasn’t aware of another app with a similar name until I started receiving support requests for behaviour that’s impossible for my app to produce,” Craig Pearlman told the BBC.
“It’s especially troubling given the scrutiny iOS apps are subjected to before being approved for the App Store. I may need to consider renaming mine now.”
Source: http://www.bbc.co.uk/
