A popular iOS and Android app that promised to generate torrents of Instagram likes and followers for its users also swiped thousands of passwords for the service, and is now being called a massive scam.
InstLike promised to dramatically boost likes and followers for anyone’s Instagram feed, in return for cash. Each day users got 20 virtual coins (1 coin per like, 10 coins per follower) after which they could buy more coins at a going rate of $1 per 100 coins. The more you spent, the more genuine likes and followers you could get. Sounds like a good deal right? Well, not really.
The app worked like a pyramid scheme. Users had to divulge their Instagram password to sign up; those passwords then allowed InstLike, despite its promise that they “don’t steal your account,” to generate activity at will. Users discovered that not only were their photos racking up more likes, they were liking a lot more stuff, mostly images they had never seen.
Even after leaving InstLike, users still reported ‘liking’ photos they had never seen. Since the app still had your password, it could continue liking photos and following accounts for you remotely.
InstLike was one of the top-grossing apps in both iTunes and Google Play for a while last month, racking up at least 100,000 and maybe as many as 500,000 downloads before it was removed from the stores recently.
Automated content violates Instagram’s terms of service, and security firm Symantec — the company that discovered how InstLike worked and reported it to both Apple and Google — is now suggesting that anyone who downloaded InstLike should remove the app immediately and change their Instagram password.
“If you’re willingly giving out your login credentials for you social media accounts, that’s bad security policy,” Satnam Narang, a security researcher at Symantec, told Mashable. “It’s just very interesting to see what length people will go to in order to get Likes in their photos.”