Apple pulled the popular Instagram profile analyzer from the App Store on Tuesday after it found it harvesting usernames and passwords. A German developer discovered the malware and Apple quickly pulled it. The app was apparently sending information, unencrypted, to a remote server. Apple has always portrayed the "closed" App Store as protection against such malware, but it looks like nobody is completely safe.
Even though iOS has few instances of malware, this is just another in a string of several compromised apps that got past Apple's controls.
igging into the app's code revealed sensitive account information being sent unencrypted to a remote server, instagram.zunamedia.com, and in some cases used to log in and post unauthorized photos to users' Instagram feeds. David L-R notes the remote server is not connected to Instagram's official network.
Even though iOS has few instances of malware, this is just another in a string of several compromised apps that got past Apple's controls.