The third-party application InstaAgent, which promised to tell users who had viewed their Instagram profile, has been removed from both the Google Play and iTunes App Store for collecting user credentials. Independent iOS developer and high school student David Layer-Reiss posted evidence that the application was collecting users’ Instagram usernames and passwords, sending them to an unknown server, and using the login credentials to post spam to their Instagram accounts. The app was also known by the longer name "Who Viewed Your Profile – InstaAgent." 

Computerworld reports that the app had been “downloaded a “half million times” from Apple’s App Store and downloaded between 100,000 and 500,000 times from Google’s Play Store” before it was removed. Additionally, “App Annie analytics showed it reached the top spot in the App Store’s free chart in 15 countries.” In a statement to the BBC, a representative of Instagram said, "These types of third-party apps violate our platform guidelines and are likely an attempt to get access to a user's accounts in an inappropriate way. We advise against installing third-party apps like these. Anyone who has downloaded this app should delete it and change their password."

Essentially, InstaAgent is a new iteration of a classic internet scam, promising to reveal the identities of users who viewed your social network profile and the frequency of such views. These scams rely on a user’s curiosity as to the behavior of their social network contacts and are sometimes referred to as “reverse-stalking” apps, as they promise to show you who has been viewing your profile repeatedly. Such applications never function as promised, leading users to jeopardize their privacy and security for the benefit of the app’s creator.