The damage to users’ privacy that Facebook has caused may be irreparable; however, the company will implement some measures to try to launder its tons of sins. Information security experts report that, through Instagram, the company invites users to report malicious developers that they take advantage of users’ data.
The app has just disclosed that a reward
program will be launched for reports of abusive behaviors related to user data;
“We will award cash rewards to those who are able to detect and track
developers who violate our data protection policies,” the announcement
Just a couple of weeks ago, a research
published by Business Insider revealed that Hyp3r, a crowd funded marketing
project, was improperly collecting data from millions of Instagram
users, deploying methods such as IP address tracking and Instagram stories
storage. The social network claims that Hyp3r was exploiting an unpatched vulnerability
in the platform, so it was unaware of this practice.
Bug bounty programs have become a widely used
resource among technology companies that operate with a large amount of
sensitive personal data. These programs invite information security experts to
look for errors, security flaws, and vulnerabilities that could compromise
their operations. Some companies’ bounty programs even offer up to $1 million
USD rewards for finding critical security bugs.
In the case of Facebook, the Data Abuse Bounty program was launched last year, and will now be extended to Instagram. “Our main intention is to strengthen the information security environment on the platform, encouraging security firms and independent experts to report abuses that some developers might commit,” said Dan Gurfinkel, head of Instagram security engineering.
In addition to implementing the security bounty
program on this platform, Instagram has also advised other marketing companies
to avoid falling into violations of the social network’s data protection policy
as those committed by Hyp3r; it has even been reported that a developer who
created a location tracking app has received a cease and desist warning from
Instagram, which requires stopping these activities.
According to information security experts, the
social network has also invited a group of renowned researchers to perform
multiple security tests on some Instagram features, such as Checkout, which
allows users to make purchases through of the app. At the moment, this feature
is in beta testing stage and is only available to a small number of users.
Specialists from the International Institute of
Cyber Security (IICS) mention that a considerable number of information
security researchers are already working on finding computer errors and abusive
handling of data on Instagram even though the figures that the platform could
pay experts have not even been revealed.
A couple of weeks ago Instagram was the target
of severe criticism after allowing millions of users, mainly teenagers, to
modify their profile settings to access various platform metrics, which involved making their contact
data publicly available, such as email address or phone number.