Windows Phone Instagram client 6tag may leak your data

Version 1.0 of 6tag was released yesterday.

It was a refreshing sight to see an API compliant Instagram client being released on Windows Phone, as the Facebook owned company have continued to neglect users of the platform, however 6tag may not be as safe as it first appears. In the current version of the application, private data is sent to a server entirely unaffiliated with Instagram, which may give scammers on public wi-fi networks the chance to compromise your account.

The issues, reported by Within Windows, are accompanied by a complete lack of a privacy policy. This is against the Windows Phone App Certification Policy 2.8, and means that users have no guarantee that their data is secure. Most customers may have no idea, for example, that their videos are being held on 6tag's servers for up to 48 hours after publishing them, as this was not made clear by the developer in any documentation.

Luckily, developer Rudy Huyn has responded to these concerns and promised some changes in future updates. Cookies will be sent encrypted, for example. Nevertheless, with no privacy policy, we can't trust that there aren't more serious issues and vulnerabilities, so for the time being, it is strongly recommended that you avoid using the app, at least until an update is released.

At least this is another excuse to bug Instagram about building an official client.

Source: Within Windows | Image: Within Windows

Report a problem with article
Previous Story

Apple iCloud experiencing hiccups

Next Story

Microsoft's former Windows head now working with founder of Netscape

26 Comments - Add comment