Industry News

Stalking App Ghosty on Android Allowed Users to See Private Instagram Accounts

An application that would allow users to spy on Instagram private profiles was removed from the Google Play Store after Facebook took notice.

Ghosty was an Android app that allowed people to access some private Instagram profiles, even though the social network’s terms of service prohibit this action. After Facebook threatened to send a cease and desist letter, the application was quickly removed from the store.

People who keep their social media accounts private have to trust companies to respect their wishes. A rogue app should not have access to that kind of information, and Instagram, in this case, didn’t allow such access. So how did Ghosty bypass the privacy filters?

We often hear of the takeover of some celebrity’s Instagram or iCloud accounts, but it’s incorrect to assume they were hacked. Usually, attackers gain access to other user’s accounts by guessing the password or by using already-leaked information. Year after year, the list of the most used passwords remains the same, so it’s no wonder that some popular accounts are compromised.

In the case of Ghosty, humans are also to blame. The app developer exploited the one thing that gave him access — people’s trust. Ghosty would require users to provide access to their profile and invite other people, according to a BBC report. When someone with access to a private profile joined the network, everyone would get the same access. Moreover, the application was running off a subscription model, charging money.

“Yes, this app violates our terms. This functionality has never been available through our API,” a Facebook spokeswoman told the BBC. “We will be sending a cease and desist letter to Ghosty ordering them to immediately stop their activities on Instagram, among other requests. We are investigating and planning further enforcement relating to this developer.”

While the Ghosty app disappeared from Google Play soon after Facebook’s statement, it’s unclear whether it was voluntary or if it was taken down.

About the author


Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.