The damage to users’ privacy that Facebook has caused may be irreparable; however, the company will implement some measures to try to launder its tons of sins. Information security experts report that, through Instagram, the company invites users to report malicious developers that they take advantage of users’ data.
The app has just disclosed that a reward program will be launched for reports of abusive behaviors related to user data; “We will award cash rewards to those who are able to detect and track developers who violate our data protection policies,” the announcement says.
Just a couple of weeks ago, a research published by Business Insider revealed that Hyp3r, a crowd funded marketing project, was improperly collecting data from millions of Instagram users, deploying methods such as IP address tracking and Instagram stories storage. The social network claims that Hyp3r was exploiting an unpatched vulnerability in the platform, so it was unaware of this practice.
Bug bounty programs have become a widely used resource among technology companies that operate with a large amount of sensitive personal data. These programs invite information security experts to look for errors, security flaws, and vulnerabilities that could compromise their operations. Some companies’ bounty programs even offer up to $1 million USD rewards for finding critical security bugs.
In the case of Facebook, the Data Abuse Bounty program was launched last year, and will now be extended to Instagram. “Our main intention is to strengthen the information security environment on the platform, encouraging security firms and independent experts to report abuses that some developers might commit,” said Dan Gurfinkel, head of Instagram security engineering.
In addition to implementing the security bounty program on this platform, Instagram has also advised other marketing companies to avoid falling into violations of the social network’s data protection policy as those committed by Hyp3r; it has even been reported that a developer who created a location tracking app has received a cease and desist warning from Instagram, which requires stopping these activities.
According to information security experts, the social network has also invited a group of renowned researchers to perform multiple security tests on some Instagram features, such as Checkout, which allows users to make purchases through of the app. At the moment, this feature is in beta testing stage and is only available to a small number of users.
Specialists from the International Institute of Cyber Security (IICS) mention that a considerable number of information security researchers are already working on finding computer errors and abusive handling of data on Instagram even though the figures that the platform could pay experts have not even been revealed.
A couple of weeks ago Instagram was the target of severe criticism after allowing millions of users, mainly teenagers, to modify their profile settings to access various platform metrics, which involved making their contact data publicly available, such as email address or phone number.