Last year, in the aftermath of the infamous Cambridge Analytica scandal, Facebook introduced the Data Abuse Bounty programme which encourages users to report apps that maliciously collect and abuse user data.
Now, the tech giant has expanded the programme to include Instagram.
Earlier this month, Business Insider revealed that startup company Hyp3r, a trusted Facebook and Instagram marketing partner, had been secretly collecting location and storing data from millions of users.
"Hyp3r's actions were not sanctioned and violate our policies. As a result, we've removed them from our platform. We've also made a product change that should help prevent other companies from scraping public location pages in this way," a spokesperson from Instagram was quoted as saying.
By adding the popular photo-sharing platform to the Data Abuse Bounty programme, Facebook hopes that users will help them identify potential violations of their policies, and said it will reward people who report misuse of Facebook data by app developers. "Our goal is to help protect the information people share on Instagram and encourage security researchers to report potential abuse to us so we can quickly take action. Just like our bug bounty programme, we will reward reports based on impact and quality," said Facebook Security Engineering manager Dan Gurfinkel in a blog post. The post does not reveal how much bounty one could expect from Instagram if they successfully identify a malicious platform app that collects and abuses user data. However, Facebook's similar Bug Bounty has paid out over US$7.5 million (S$10.4 million) over the years, and the biggest single bounty paid was US$50,000 last year. If you have identified such a malicious app, you can submit the issue through the Data Abuse Bounty form. The issue will be investigated and upon successful identification, the user will be rewarded an unspecified bounty.
