Introduction
Instagram is a leading photo-based social platform that encourages interactions by exposing users to an enabling environment where they can explore different interests. Over the years, the social media platform has become one of the main marketing targets for businesses because of its high conversion rates, which lead to the exploration of business opportunities worldwide. The application is hosted on NGINX, which is supported by Django and Celery. The app’s backend consists of Cassandra, PostgreSQL, Memcache, Redis, and RabbitMQ.
Instagram’s Mobile Architecture
Specific Features
The Instagram app has introduced new features over the years to meet the changing needs of internet users. Currently, the app consists of IGTV, stories, and shoppable posts. Other features include nametags, quick replies in Direct Message (DM), and the explore page. Since information on the app can be accessed anytime, the mobile application does not have a data transmission medium that facilitates the flow of information through the platform (Poulsen, 2018). Given that Instagram is a photo app, it is heavily dependent on the camera. Whether one is using the stories feature or the main page where they can post, it is integrated with the phone’s camera app to capture and recreate moments. Besides, it is linked with other applications such as Facebook, Snapchat, and Twitter, where users can share their photos across the apps without having to log in.
Application Security
Since many applications are interconnected, application security plays an important role in safeguarding the interests of internet users when accessing the photo platform. In this regard, Instagram’s reliance on the cloud increases its vulnerability, which has compelled the developers to come up with various security measures that guarantee its performance and prevent third parties from accessing private and confidential data (McCracken, 2015). Instagram has created two-factor verification, which allows individuals to back up the security of their accounts to avoid any intrusion or hacking incidents that may reveal their information. Apart from the text message option, users can enable an authentication app such as Google Authenticator.
Operational Environment and Use Cases
Internet users can follow people and share their pictures, and other individuals can like or comment on their posts, an aspect that promotes interactions. In the explore page, one can follow trends and view the most popular pictures and videos posted by individuals within a specified period (McCracken, 2015). The stories section has now introduced different features such as boomerang that allow users to edit videos and enhance their quality. While posting videos, one can choose whether to share them on IGTV if they exceed the recommended one minute or post them on Reels, a new feature meant to rival the popular TikTok application.
Computing Environment Security Concerns
Personal data has a high risk of breach, which compels app developers to diversify their security architecture to overcome issues that may expose internet users to a challenging environment that hinders their focus. In the same vein, Instagram cannot risk being unavailable to the user on demand because of third-party intrusion from cybercriminals (Sosa-Tzec, 2019). Hence, the application has developed security features such as two-factor authentication that ensure only the users can access their accounts after logging out of the platform or when accessing their profiles on a new device.
Mobile App Considerations
Screen size is an important consideration for Instagram to enhance the user experience of individuals when accessing the platform. The app must be fluid to eliminate issues caused by the lack of adaptability, which hinders users from enjoying the platform. Notably, the app must be finger-friendly to enable users to access the platform and use it to share certain aspects of their life (Mhaidli, Zou, & Schaub, 2019). By keeping the front-end design simple, people appreciate the ability of the application to respond to their interests and meet their expectations.
Architectural Design
Instagram is a network infrastructure that allows individuals to share their photos online. The platform acts as an online gallery where users share their best photos for the world to see. Instagram allows users to input their photos through a media stream before compiling its best picks and ranking them as trends. In the media stream, pictures are exposed to the pre-processor, which is linked to the parser and the scorer before finding their way to the ranker (Edwards-Stewart et al., 2019). The ranker is integrated with Instagram’s database that groups and stores pictures periodically. Before users can see the trends on the explore page, various background processes take place and categorize the posts based on their popularity level on the social platform.
Common Hardware Components
Since Instagram is a photo-sharing platform, its main hardware component is the camera, which enables users to post their pictures. Importantly, users can directly capture images on the app without going to the camera, a move that has enhanced the user experience of individuals.
Authentication Specifications
Before users can create an account on Instagram, the new identity must represent a real person or an actual business organization. It should be unique and represent original ideas that do not conflict with those being shared by an existing account (Miralles & Granell, 2019). Likewise, the account must be public and contain one photo that allows individuals to relate with the new account.
What should/shouldn’t the app do?
The app should not freeze when users are accessing the platform because of its impact on their experience. It should not reveal private and confidential details to third-parties because of their reputation.
Requirements for the Mobile App
Business Function
Instagram exposes organizations to different consumer population groups, allowing the enterprises to tap into the ready market by creating targeted posts that convey specific information. Importantly, users can shop directly from the app without diverging from the platform, a move that curates a positive user experience for individuals (Anderson, 2016). Although different individuals are expected to oversee various activities, creating an environment where users can connect with different sellers exposes individuals to a conducive platform that satisfies their interests.
Stored Data
When creating an account on Instagram, users are expected to provide details such as their name, mobile number, and email address, which provide the application with information about the identity of the new user. Other details that are collected when the user is accessing the platform include the location and the pictures, which are stored in a database that enables the app to generate trends on the explore page. Even though users can delete the pictures at will, Instagram does not clear shared photos without the user’s consent. Importantly, users possess a higher bargaining power than Instagram because of their role in establishing connections with other individuals and following their preferred accounts on the platform (Husain, 2020). Other informational aspects that are stored on Instagram include cookie data, name of service provider, and data from device settings, among others.
Fig 1.0: A graphical representation of Instagram’s backend. Source: Instagram
Data Transmission
Instagram allows advertisers, app developers and publishers to share information through the Facebook Business Tools using social plugins, Facebook Login, and graph/marketing APIs. These third parties provide Instagram with information about users and their activities on different applications linked to the application. In the same vein, Instagram can verify the websites visited by users to enhance the experience of individuals while accessing the platform (Duffy & Hund, 2019). For instance, game developers can use Instagram’s API to establish the games played by an Instagram user whether offline or when using the application. From this realization, Instagram partners receive data about users directly from the app or from third parties working for them.
Remote Access and VPN Security
In September, Instagram discovered a major flaw in its security architecture that could have been exploited by remote hackers who tapped into selected accounts and used their devices as spying tools. The security vulnerability allowed hackers to access personal accounts and execute their selfish agendas, a move that exposed Instagram’s weak security patches. However, the app released a security update shortly after to restore user confidence by protecting users from malicious parties operating remotely.
Data-Handling Requirements
Instagram has a uniform data handling requirement for iOS, Android, and other mobile operating systems. Every user, in their unique ecosystem, can access the different features developed by Instagram, a move that has contributed significantly to the positive experience created by Instagram.
Cloud Storage
From its inception in 2010, Instagram operated on Amazon Web Services (AWS), which allowed it to operate seamlessly before it dropped the cloud storage service to embrace its in-house cloud computing (Arvianti, 2018). This has enabled Instagram to eliminate any inconveniences associated with third-party interactions, which have a significant impact on the operational performance of organizations due to their limited control over the external environment.
Business Logic
Given the app’s size, Instagram has a unique business logic that differentiates it from other picture sharing platforms. Instagram uses validation logic, which hides implementation details from the user. The application has a certain visual appeal that entices users to share their pictures and interact with other people who use the platform to promote their businesses. Regardless of one’s intentions, the overall focus of Instagram creates an enabling environment for social interactions that can be translated into direct sales.
Data at rest/in motion
Data at rest or in motion exposes a person’s username, their location, and the pictures shared on their public gallery. However, if the account is private, one can only extract the information shared by the user. Many users make their accounts private to allow limited individuals to access their profiles and maintain honest interactions that can be controlled by individuals.
Stored Credentials
If a user has activated the two-factor verification method, stored credentials are useless because of their inability to validate the login process. Without the user’s password to their email address, it is impossible for a third party to get through the verification process. Likewise, one needs the phone number registered with the app to extract the code sent to it during the two-factor verification process.
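The two-factor check described under Application Security and Stored Credentials can be sketched as follows. This is an added example, not Instagram's code: it uses the RFC 6238 TOTP algorithm that authenticator apps such as Google Authenticator implement, and the account record, its field names and the sample password are constructed for illustration.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret_b32, at, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, as computed by authenticator apps."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password, totp_secret=None):
    """Constructed sample account record; field names are hypothetical."""
    salt = b"constructed-salt"
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret, "last_counter": -1}

def login(account, password, code, now, drift=1):
    """True only if the password matches and, when enrolled, a fresh code does too."""
    supplied = hash_password(password, account["salt"])
    if not hmac.compare_digest(supplied, account["pw_hash"]):
        return False
    if account["totp_secret"] is None:
        return True  # no second factor enrolled: the password alone is sufficient
    if code is None:
        return False  # password alone is rejected once 2FA is on
    current = int(now) // STEP
    for counter in range(current - drift, current + drift + 1):
        if counter <= account["last_counter"]:
            continue  # code for this time step already used: block replay
        expected = totp(account["totp_secret"], counter * STEP)
        if hmac.compare_digest(expected.encode(), code.encode()):
            account["last_counter"] = counter
            return True
    return False

# RFC 6238 test secret, base32-encoded the way an authenticator app stores it
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    acct = make_account("constructed-password", SECRET)
    print(login(acct, "constructed-password", None, now=59))
    print(login(acct, "constructed-password", totp(SECRET, 59), now=59))
    print(login(acct, "constructed-password", totp(SECRET, 59), now=59))
```

The `last_counter` field makes each code single-use, so a code observed in transit cannot be replayed inside its validity window.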
Data Integrity
Cybercriminals exploit security vulnerabilities in apps to gain access to private and confidential information belonging to many users. Even though the hackers might be interested in gaining access to one account, penetrating Instagram’s database is usually considered beneficial because of the unlimited access to user information.
Privacy Requirements
Different corporations use personal information in their advertising antics where they make money through advertising. Even though consent is issued, it is impossible to change the privacy agreement after creating an account because of the inability of the application to perform seamlessly and effectively.
Identity Threats and Threat Agents
Possible Threats
Third-parties may use child photos on the online gallery to pursue their selfish needs. By creating a platform where cybercrime takes place, Instagram encounters a series of reports that undermine its performance in the fast-paced technological world. Hackers operating on virtual networks to mask their actual location pose a problem to the app’s sustainability, which influences the nature of outcomes in the contemporary society.
Process of Identifying Threats
Threats affect the performance of an application when there are weak server-side controls, a lack of binary protections, and insecure data storage. When identifying threats on Instagram, the developers examine any data leakage to third parties and broken cryptography, and inform users about phishing attacks from hackers and cybercriminals.
Personal and Corporate Data
Instagram only collects personal data that users key in during the creation of a new account. However, as users integrate Instagram with other applications for a seamless experience, the app collects data from search histories, games one plays, and other details through their APIs (McMahon & Kirley, 2019). From this realization, it is possible for personal data to mingle with corporate data, exposing organizations to a series of threats that influence their image in the business environment.
Attack Methods
Social and reverse engineering are common attack methods used by hackers to retrieve private data across different internet platforms. When developers fail to encrypt data correctly, hackers may gain access that threatens user information because of how it may be misused when handled by the wrong people. From this realization, protecting this app requires proper data storage, multifactor authentication, and effective data encryption techniques.
Controls
Attack Controls
By creating an effective security design, developers will identify any vulnerabilities in the backend that can be exploited by hackers and cybercriminals who may have ill intentions against the photo app. Since financial transactions are executed on the app when promoting the performance of the page, it is important to protect the user information and expose shared information to a strict regimen that protects the credibility and integrity of the mobile app.
Attack Detection Controls
Encryption, VPNs, and passcodes are some of the controls that will be used to detect attacks on the platform. By introducing remote-wipe commands, data-sharing controls, and limiting rooted devices, it will become easier to detect potential attacks and thwart them as they happen.
Mitigating Security Risks
Advising users to embrace stronger passwords and incorporate biometrics in their login details is one of the approaches that can be used by Instagram to mitigate potential attacks. Users should be encouraged to only use protected Wi-Fi networks and refrain from browsing the internet on public networks (Record, Straub, & Stump, 2019). Utilizing a VPN when accessing Instagram can also play an important role in mitigating internet attacks.
Privacy Controls
Since regulators are warming up to consumer concerns about their information being shared by mobile apps, Instagram should ensure compliance by limiting the access third parties can have when using its APIs.
Conclusion
This report outlines the architectural design used to develop Instagram to enhance its effectiveness in promoting social interactions among internet users. The application is hosted on NGINX, which is supported by Django and Celery. The app’s backend consists of Cassandra, PostgreSQL, Memcache, Redis, and RabbitMQ. Different threats that can lower its performance have been explored and solutions provided.