This application is available for Android here. This app was designed to share your photos and videos, and keep up with your friends and interests. The latest build was released on January 24, 2017 related to v10.5 (updated released on February 1st, 2017).
Beware of using previous releases, because all your media data is transferred ‘as is’ without protection and rest data items are vulnerable for intercepting (MITM attacks) with crafted certificate and installed on the device as trusted. Have a look
The current release protects the network data items except for media data. The media data is still transferring ‘as is’ without protection. However, the rest data items are protected by SSL Pinning that means a weakness if you have a rooted device only.
Findings Summary
Our examination revealed total 42 items, where were 14 DAR items and 28 DIT items found. Among DAR items were found 0 worst items, 14 bad items, 0 good items, and 0 best items. Among DIT items were found 6 worst items, 0 bad items, 22 good items, and 0 best items.
Below you find 3 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.
Now let’s go deeper and examine each data item’s protection level.
Continue reading “Instagram (Android / Google Play) on Jan 26, 2017 (upd. on Feb 3th)”