Skip to main content

Instagram cracks down on third-party apps after password thefts

Instagram cracks down on third-party apps after password thefts

Share this story

Third-party Instagram developers just got some very bad news. Today, the service announced major revisions to its API policy, effectively killing off an entire class of Instagram-reader apps and instituting serious restrictions on any apps that remain. According to the announcement, the changes are being made "to improve people’s control over their content and set up a more sustainable environment built around authentic experiences on the platform.

In practical terms, it means that as of today, Instagram has stopped taking applications from new apps that want to integrate with the service. When applications reopen in December, only certain functions will be allowed. Instagram will still permit for photo-editing apps and services that pull from photos you've posted yourself, but any app that pulls in a full Instagram feed will be axed by the new restrictions. Existing apps will have until June 1st to comply with Instagram's new policies and undergo the new review process.

The move comes just days after a third-party Instagram reader called InstaAgent was caught transmitting usernames and passwords in clear text, potentially compromising hundreds of thousands of users. Instagram itself wasn't responsible for the security failure, and specifically warns users against allowing access to third-party apps like InstaAgent for just this reason. Still, it was a serious security problem for many users on the service, only resolved when the app was forcibly removed from iOS and Google Play app stores.

Instagram isn't the only app to face security issues with third party apps. Snapchat made a similar move in April, six months after researchers raised public concerns about the security of its API.