Oh, Gee

Yesterday I became aware of the awkwardly named “The OG App” (🙄), which promises “the OG Instagram experience”: “With the OG app, you can easily filter what you see in your Instagram feed, create custom feeds, remove reels, ads, suggested content, and more!” It seemed impossible, and that’s because it is.

I nearly gave the app access to my Instagram account, believing for a moment that maybe, given its presence in the App Store at all, it had been properly vetted; but because of their suspiciously slow homepage, as well as the company’s bizarre name (“Un1feed”) and the dearth of info about it, I decided to wait. I’m glad I did.

The app reportedly used Instagram’s private API, and it did this by “reverse engineering the Android API,” according to its own developers.

Further, it used “an intermediate login” for two-factor authentication: “Instagram will alert you about this but we logout of this session IMMEDIATELY.” In other words, they were remotely initiating a 2FA request on some virtual machine, asking you what Instagram sent you, then punching it into the browser on that virtual machine. This is how it “logged in” as you, resulting in logins from remote and suspicious locations such as Ukraine and occasionally getting people locked out of their account. This is extremely irresponsible behavior as security is concerned.

The app has (predictably) been pulled from the App Store, and its creators are now posturing as downtrodden Davids crusading against the ills of the social media Goliaths — privacy, mental wellness, etc. — instead of naïve teenagers who broke the rules of the App Store, risked their users’s security, and got their app removed for it.

As they put it, “Meta is intent on taking extraordinary measures to suppress and censor us simply because we did right by their users” (emphasis mine). And to TechCrunch they wrote, “Facebook hates its own users so much, it’s willing to crush an alternative that gives them a clean, ad-free Instagram. Apple is colluding with Facebook to bully two teenagers who made Instagram better.”

They’re further claiming that Meta has banned all of their personal accounts, and that this requires that “Meta searched up every team member on LinkedIn or Google, found our full name, and manually banned us.”

Given the petulant and unserious way they’re reacting to their removal from the App Store, and their belief that Apple and Meta should allow developers — out of…altruism? — to use Meta’s APIs in ways that are explicitly forbidden by their terms of service, I’m skeptical that this banning has actually occurred as described.

TechCrunch continued, “The app still remains live on the Google Play Store. So the founders said that Android is ‘the clear choice for users who want privacy, freedom, and optionality.'”

I haven’t brushed up on the Play Store’s terms of service, but I would wager that Google also disallows apps from violating Meta’s — or anybody’s — API rules.

Ambitiously, Un1feed claimed on their website that similar apps were coming for TikTok, Snapchat, Facebook, Pinboard, Twitter, YouTube, and Reddit.

These goals appear unlikely.

If you’d like to see and manage who and which apps have access to your Instagram profile, go to the Apps and Websites section in Settings.

Update October 5, 2022: The OG App has been pulled from the Google Play Store, as well.

Leave a Reply