Security Threat: Unencrypted Cookies in Instagram iOS App



While the Instagram API uses both non-secure HTTP and secure HTTPS connections, the weird thing is that it uses the non-secure path for your account’s authentication. All it does is store a standard cookie on your device, and that cookie is sent without encryption. What this means is that if you’re using an unsecured connection, like public Wi-Fi at Starbucks, someone could potentially intercept that cookie and use it to authenticate themselves into your account.
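A defender's check for the exposure described above, as an added example that is not from the original article or from Instagram: it flags authentication cookies that are set over plain HTTP, or set over HTTPS without the `Secure` attribute, which lets a client send them on later HTTP requests to the same host. The host name, cookie names and sample headers are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample exchanges (not captured from Instagram): the request URL
# and the Set-Cookie headers in its response. Host and cookie names are hypothetical.
SAMPLE_EXCHANGES = [
    ("http://api.example.test/login", ["sessionid=abc123; Path=/; HttpOnly"]),
    ("https://api.example.test/login", ["sessionid=abc123; Path=/; HttpOnly"]),
    ("https://api.example.test/login", ["sessionid=abc123; Path=/; Secure; HttpOnly"]),
    ("https://api.example.test/feed", ["theme=dark; Path=/"]),
]

# Assumption: the cookies that authenticate the user in the app under review.
AUTH_COOKIE_NAMES = {"sessionid"}


def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names) for one header."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_exchange(url, set_cookie_headers):
    """List (cookie, reason) findings for auth cookies that can travel unencrypted."""
    findings = []
    scheme = urlsplit(url).scheme.lower()
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name not in AUTH_COOKIE_NAMES:
            continue  # non-authentication cookies are out of scope here
        if scheme != "https":
            # The cookie value itself crossed the network in cleartext.
            findings.append((name, "set over plain HTTP"))
        elif "secure" not in attrs:
            # Set safely, but later HTTP requests to this host will carry it.
            findings.append((name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for url, headers in SAMPLE_EXCHANGES:
        for name, reason in audit_exchange(url, headers):
            print(f"{url}: cookie {name!r} {reason}")
```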

