Let me first of all clear up any existing discrepancies about the product. Firstly, the app cannot, in theory, be shut down by Instagram–period. I specifically implemented a feature in the requests that the app makes in which each upload request looks as if it's coming from a device (which is unique, and changes every time–this also comforts the spam filters). Thus, if Instagram effectively wanted to shutdown the product, they would have to effectively ban all of the specific device(s) which I mimic entirely. Secondly, I would like to point out that Facebook already found out about the product and they want to pull the plug. Interestingly enough, an engineer contacted me and not a representative of Facebook's legal team. I'm currently working with them to get this matter resolved efficiently. Lastly, as I mentioned below, our app connects to private API endpoints–which is how it performs uploads.
@zaersk_ this sounds pretty amazing haha - thinking about buying it- if this stays alive you're going to make A LOT of money (think of all the bloggers who would kill for this)
@chrismessina An engineer contacted me, not the legal team (they also didn't report the app to Apple), so I'm looking at this as a very peculiar, isolated case. However, I'm not dismissing the notion that they will eventually contact Apple. If they do, my hands would be tied (me vs. Facebook). But notwithstanding that, I still have some legal cards up my sleeve that I am willing to pull if it goes to that extent. As of now, I'm hoping to resolve this matter with some higher level people at Facebook.
I wonder how (and if) this works because the Instagram API doesn't allow direct posting - there are workarounds like latergram.me but those work on/with iOS extensions
@bramk Instagram's API allows direct posting–just not the public one. I managed to reverse engineer most of the private API (which for the record, was not _that_ difficult), which is how this app manages to perform upload functionality.
Report
As it isn't allowed by Instragrams API, it can't last long, can it? And as a paid app at $4.99, buyers won't be happy when (/if) it stops working.
Since Instagram purposefully does not have a public API for photo upload, I'm guessing he's mimicking the native app and using their private API. Curious to see how long this one lasts...
Update: Facebook just responded, but now with an engineering _manager_. They're threatening to get their legal and security departments involved AND blacklisting me from using ANY of their official developer services if I don't pull the app ASAP. So there's nothing left that I can do. I can't afford a blacklist, let alone a legal case.
As mentioned above, Instagram will not be able to block this app given that it's using a private API. But they can see where the connection are made from. I think it'd be fairly easy to figure out an image was not uploaded using the official apps. They can then block/delete any accounts in violation.
This looks like an awesome app, but I would like to see a more secure way to use this.
As an afterthought, I'm kinda surprised that made it through the app store's review process.
@samatrouh I don't think you understand how this app connects to Instagram's endpoints. Yes, Instagram sees where the connections are made from–the USER's IP address. There exists absolutely NO unique identification element that Instagram can use to pinpoint what requests are being sent from this client–absolutely none. But here's the problem for Instagram–how do they know it came from the app–they don't, and they will never know. The only way for Instagram to track this app down is if I blatantly signed my requests with a client identifier like "Uploader for Instagram – kill me now" or something like that–but no. No, definitely not. I managed to find a way to fly under the radar, and so far, my method has proved to be successful in evading them. I don't entirely understand your insecurity about our integrity in keeping our user's information secure. Apple App Reviewers look at all outbound requests for apps that utilize internet connectivity, and can notice when credential confiscation is taking place. I bet you're pretty surprised it got through App Review, as I am too. That was before I came to a rational realization that Apple's job isn't to decide which apps can use an API, and which apps can't, under the strict rule that no IP infringement is taking place–which in this case, none is. I suggest you research recent SCOTUS rulings like Feist Publications, Inc., v. Rural Telephone Service Co.
Uploader for Instagram
Raycast
Startup Stash
Uploader for Instagram
Astronomer
Uploader for Instagram
Startup Stash
Bobby App
Appetize.tv
Startup Stash
Uploader for Instagram
Startup Stash
The Global Startup Movement - Slush CEO Marianne Vikkula
Swat.io
Seafronts
Uploader for Instagram
Retime
Dunnnk
Uploader for Instagram