Everything free comes at a price, same is the case of Top 9 App

Instagram user’s timeline must be overwhelming right now with collages of their Top 9 of 2019 posts. And if you haven’t created one till now, you’ve likely encountered articles that maybe explaining how to create these year-end collages of your most popular Instagram posts. You must be enticed to use that, of course you would want everybody to see your top 9 for 2019. But for sure you are not aware that these tools are not made by Instagram. And using them can have major privacy implications.

Originally, Top 9 app was created by a company called Beta Labs, debuted in 2015. The app asks Instagram users to give Top 9 read-only access to their accounts so that it can create a collage of their nine most-liked or most-interacted-with posts of the year.

But the worst part of the app is – a plethora of imitators, and scammers have allegedly cropped up with their own version of Top 9 or Best 9 apps. And some of these pose serious privacy and security threats to users.

While Beta Labs always asks users to log into their Instagram accounts in order to see their posts, moreover the original app doesn’t harvest or ask for their passwords, and can’t even have access to their photo libraries. This is because Instagram itself handles the authentication process for Top 9. However, Top 9 clones ask for direct access to your Instagram account, which can be really risky. As they ask for your password and sometimes they can even access to your entire photo library on your device.

Needless to say, giving access to such shady apps, isn’t a wise idea at all. And the Top 9 clone issue has become so alarming that Beta Labs had to post a security warning about it last month.

Beta Labs post reminds Instagram users that if their account is already public, they don’t have to provide their password to an outside app to allow it to create a collage. Also, Beta Labs warns users that shady Top 9 clones will often ask users to log into their Instagram accounts, at the same time the true URL of the site they’re logging into will be masked. Beta Labs suggests, “If you can’t see the address bar, then it’s better not to risk it using this app.”