Threat Model Report


Instagram is a leading photo-based social platform that encourages interactions by exposing users to an enabling environment where they can explore different interests. Over the years, the social media platform has become one of the main marketing targets for businesses because of its high conversion rates that yield to the exploration of business opportunities worldwide. The application is hosted on NGINX, which is supported by Django and Celery. The app’s backend consists of Cassandra, PostgreSQL, Memcache, Redis, and RabbitMQ.

Instagram’s Mobile Architecture

Specific Features

The Instagram app has introduced new features over the years to meet the changing needs of internet users. Currently, the app consists of IGTV, stories, and shoppable posts. Other features include nametags, quick replies in Direct Message (DM), and the explore page. Since information on the app can be accessed anytime, the mobile application does not have a data transmission media that facilitates the flow of information through the platform (Poulsen, 2018). Given that Instagram is a photo app, it is heavily dependent on the camera. Whether one is using the stories feature or the main page where they can post, it is integrated with the phone’s camera app to capture and recreate moments. Besides, it is linked with other applications such as Facebook, Snapchat, and Twitter where users can share their photos across the apps without having to login in.

Application Security

Since many applications are interconnected, application security plays an important role in safeguarding the interests of internet users when accessing the photo platform. In this regard, Instagram’s reliance with the cloud increases its vulnerability, which have compelled the developers to come up with various security measures that guarantee its performance and inability for third-parties to access private and confidential data (McCracken, 2015). Instagram has created the two-factor verification that allows individuals to back-up the security for their accounts to avoid any intrusion or hacking incidents, which may reveal their information. Apart from the text message toggle notification, users can activate the Google Authenticator on the authentication app.

Operational Environment and Use Cases

Internet users can follow people and share their pictures where other individuals will like or comment in their different posts, an aspect that promotes interactions. In the explore page, one can follow trends and view the most popular pictures and videos posted by individuals within a specified period (McCracken, 2015). The stories section has now introduced different features such as boomerang that allow users to edit videos and enhance their quality. While posting videos, one can choose whether to share them on IGTV if they exceed the recommended one minute or post them on Reels, a new feature meant to rival the popular TikTok application.

Computing Environment Security Concerns

Personal data has a high risk of breach that compels app developers to diversify their security architecture to overcome issues that may expose internet users to a challenging environment that hinders their focus. In the same vein, Instagram cannot risk being unavailable to the user on demand because of third-party intrusion from cybercriminals (Sosa-Tzec, 2019). Hence, the application has developed security features such as two-factor authentication that ensures only the users can access their accounts after logging out of the platform or when accessing their profiles on a new device.

Mobile App Considerations

Screen size is an important consideration for Instagram to enhance the user experience of individuals when accessing the platform. The app must be fluid to eliminate issues caused by the lack of adaptability, which hinders users from enjoying the platform. Notably, the app must be finger-friendly to enable users access the platform and use it to share certain aspects of their life (Mhaidli, Zou, & Schaub, 2019). By keeping the front-end design simple, people appreciate the ability of the application to respond to their interests and meet their expectations.

Architectural Design

Instagram is a network infrastructure that allows individuals to share their photos online. The platform acts as an online gallery where users share their best photos for the world to see. Instagram allows users to input their photos through a media stream before compiling its best picks and ranking them as trends. In the media stream, pictures are exposed to the pre-processor, which is linked to the parser and the scorer before finding their way to the ranker (Edwards-Stewart et al., 2019). The ranker is integrated with Instagram’s database that groups and stores pictures periodically. Before users can see the trends on the explore page, various background processes take place and categorize the posts based on their popularity level on the social platform.

Common Hardware Components

Since Instagram is a photo-sharing platform, its main hardware component is the camera, which facilitates users to post their pictures. Importantly, users can directly capture images on the app without going to the camera, a move that has enhances the user experience of individuals.

Authentication Specifications

Before users can create an account on Instagram, the new identity must represent a real person or an actual business organization. It should be unique and represent original ideas that do not conflict with those being shared by an existing account (Miralles & Granell, 2019). Likewise, the account must be public and contain one photo that allows individuals to relate with the new account.

What should/shouldn’t the app do?

The app should not freeze when users are accessing the platform because of its impact on their experience. It should not reveal private and confidential details to third-parties because of their reputation.

Requirements for the Mobile App

Business Function

Instagram exposes organizations to different consumer population groups, allowing the enterprises to tap into the ready market by creating targeted posts that convey specific information. Importantly, users can shop directly from the app without diverging from the platform, a move that curates a positive user experience for individuals (Anderson, 2016). Although different individuals are expected to oversee various activities, creating an environment where users can connect with different sellers exposes individuals to a conducive platform that satisfies their interests.

Stored Data

When creating an account on Instagram, users are expected to provide details such as their name, mobile number, and email address, which provide the application with information about the identity of the new user. Other details that are collected when the user is accessing the platform include the location and the pictures, which are stored in a database that enables the app generate trends on the explore page. Even though users can delete the pictures at will, Instagram does not clear shared photos without the user’s consent. Importantly, users possess a higher bargaining power than Instagram because of their role in establishing connections with other individuals and following their preferred accounts on the platform (Husain, 2020). Other informational aspects that are stored on Instagram include cookie data, name of service provider, and data from device settings among others.

Fig 1.0 A graphical representation of Instagram’s backend. Source/Instagram

Data Transmission

Instagram allows advertisers, app developers and publishers to share information through the Facebook Business Tools using social plugins, Facebook Login, and graph/marketing APIs. These third-parties provide Instagram with information about users and their activities on different applications linked to the application. In the same vein, Instagram can verify the websites visited by users to enhance the experience of individuals while accessing the platform (Duffy & Hund, 2019). For instance, game developers can use Instagram’s API to establish the games played by an Instagram user whether offline or when using the application. From this realization, Instagram partners receive data about users directly from the app or from third-parties working for them.

Remote Access and VPN Security

In September, Instagram discovered a major flaw in its security architecture that could have been exploited by remote hackers who tapped into selected accounts and used their devices as spying tools. The security vulnerability allowed hackers to access personal accounts and executed their selfish agendas, a move that exposed Instagram’s weak security patches. However, the app released a security update shortly after to restore user confidence by protecting them from malicious parties operating remotely.

Data-Handling Requirements

Instagram has a uniform data handling requirement for iOS, Android, and other mobile operating systems. Every user, in their unique ecosystem, can access the different features developed by Instagram, a move that has contributed significantly to the positive experience created by Instagram.

Cloud Storage

Since its inception in 2010, Instagram operated on Amazon Web Service (AWS), which allowed it to operate seamlessly before it dropped the cloud storage service to embrace its in-house cloud computing (Arvianti, 2018). This has enabled Instagram to eliminate any inconveniences associated with third-party interactions, which have a significant impact on the operational performance of organizations due to their limited control on the external environment.

Business Logic

Given the app’s size, Instagram has a unique business logic that differentiates it from other picture sharing platforms. Instagram uses validation logic, which hides implementation details from the user. The application has a certain visual appeal that entices users to share their pictures and interact with other people who use the platform to promote their businesses. Regardless of one’s intentions, the overall focus of Instagram creates an enabling environment for social interactions that can be translated into direct sales.

Data in rest/motion

Data in rest/motion exposes individuals to a person’s username, their location, and the pictures shared on their public gallery. However, if the account is private, one can only extract the information shared by the user. Many users privatize their accounts to allow limited individuals to access their profiles and maintain honest interactions that can be controlled by individuals.

Stored Credentials

If a user has activated the two-factor verification method, stored credentials are useless because of their inability to validate the login process. Without the user’s password to their email address, it is impossible for a third-party to get through the verification process. Likewise, one needs the phone number registered with the app to extract the code send to it during the two-factor verification process.

Data Integrity

Cybercriminals exploit security vulnerabilities in apps to gain access to private and confidential information belonging to many users. Even though the hackers might be in interested in gaining access to one account, penetrating Instagram’s database is usually considered beneficial because of the unlimited access to user information.

Privacy Requirements

Different corporations use personal information in their advertising antiques where they make money through advertising. Even though consent is issued, it is impossible to change the privacy agreement after creating an account because of the inability of the application to perform seamlessly and effectively.

Identity Threats and Threat Agents

Possible Threats

Third-parties may use child photos on the online gallery to pursue their selfish needs. By creating a platform where cybercrime takes place, Instagram encounters a series of reports that undermine its performance in the fast-paced technological world. Hackers operating on virtual networks to mask their actual location pose a problem to the app’s sustainability, which influences the nature of outcomes in the contemporary society.

Process of Identifying Threats

Threats affect the performance of an application when there are weak server-side controls, lack of binary protections, and insecure data storage. When identifying threats on Instagram, the developers examine any data leakage to third-parties, broken cryptography, and inform its users about phishing attacks from hackers and cybercriminals.

Personal and Corporate Data

Instagram only collects personal data that users key in during the creation of a new account. However, as users integrate Instagram with other applications for a seamless experience, the app collects data from search histories, games one plays, and other details through their APIs (McMahon & Kirley, 2019). From this realization, it is possible for personal data to mingle with corporate data, exposing organizations to a series of threats that influence their image in the business environment.

Attack Methods

Social and reverse engineering are common attack methods used by hackers to retrieve private data across different internet platforms. When developers fail to encrypt data correctly, hackers may gain access that threatens user information because of how it may be misused when handled by the wrong people. From this realization, protecting this app requires proper data storage, multifactor authentication, and effective data encryption techniques.


Attack Controls

By designing an effective security design, developers will identify any vulnerabilities in the backend that can be exploited by hackers and cybercriminals who may have ill-intentions against the photo app. Since financial transactions are executed on the app when promoting the performance of the page, it is important to protect the user information and expose shared information to a strict regimen that protects the credibility and integrity of the mobile app.

Attack Detection Controls

Encryption, VPNs, and passcodes are some of the controls that will be used to detect attacks on the platform. By introducing remote-wipe commands, data-sharing controls, and limiting rooted devices, it will become easier to detect potential attacks and thwart them as they happen.

Mitigating Security Risks

Advising users to embrace stronger passwords and incorporate biometrics in their login details is one of the approaches that can be used by Instagram to mitigate potential attacks. Users should be encouraged to only use protected Wi-Fi networks and shun from browsing the internet with public networks (Record, Straub, & Stump, 2019). Utilizing a VPN when accessing Instagram can also play an important role in mitigating the internet attacks.

Privacy Controls

Since regulators are warming up to consumer concerns about their information being shared by mobile apps, Instagram should ensure compliance by limiting the access third-parties can have when using their APIs.


This report outlines the architectural design used to develop Instagram to enhance its effectiveness in promoting social interactions among internet users. The application is hosted on NGINX, which is supported by Django and Celery. The app’s backend consists of Cassandra, PostgreSQL, Memcache, Redis, and RabbitMQ. Different threats that can lower its performance have been explored and solutions provided.




Anderson, K. E. (2016). Getting acquainted with social networks and apps: Instagram’s instant appeal. Library Hi Tech News.

Arvianti, G. F. (2018, July). Human translation versus machine translation of Instagram’s captions: Who is the best? In English Language and Literature International Conference (ELLiC) Proceedings (Vol. 2, pp. 531-536).

Duffy, B. E., & Hund, E. (2019). Gendered visibility on social media: Navigating Instagram’s authenticity bind. International Journal of Communication13, 20.

Edwards-Stewart, A., Alexander, C., Armstrong, C. M., Hoyt, T., & O’Donohue, W. (2019). Mobile applications for client use: Ethical and legal considerations. Psychological services16(2), 281.

Husain, M. P. M. (2020). Factors of Selecting Photographic Image as an Instagram’s Profile Picture. Asian Social Science and Humanities Research Journal (ASHREJ)2(2), 21-27.

McCracken, H. (2015). Instagram’s all-new search & explore features will change how you use Instagram. Fast Company.

McMahon, M. M., & Kirley, E. A. (2019). When Cute Becomes Criminal: Emoji, Threats and Online Grooming. Minn. JL Sci. & Tech.21, 37.

Mhaidli, A. H., Zou, Y., & Schaub, F. (2019). ” We can’t live without them!” app developers’ adoption of ad networks and their considerations of consumer risks. In Fifteenth Symposium on Usable Privacy and Security ({SOUPS} 2019).

Miralles, I., & Granell, C. (2019). Considerations for Designing Context-Aware Mobile Apps for Mental Health Interventions. International journal of environmental research and public health16(7), 1197.

Poulsen, S. V. (2018). Becoming a semiotic technology–a historical study of Instagram’s tools for making and sharing photos and videos. Internet Histories2(1-2), 121-139.

Record, R. A., Straub, K., & Stump, N. (2019). # Selfharm on# Instagram: examining user awareness and use of Instagram’s self-harm reporting tool. Health communication.

Sosa-Tzec, O. (2019, October). Design tensions: interaction criticism on Instagram’s mobile interface. In Proceedings of the 37th ACM International Conference on the Design of Communication (pp. 1-10).

Calculate your paper price
Pages (550 words)
Approximate price: -


Quality Research Papers

If you’re looking for an Essay writing service to help turn all of your hard work into a product that readers can appreciate, then look no further than our essay writing website. With a team of writers who go the extra mile, and customer support representative’s around-the-clock eager to assist you, we are ready to ace any exam or provide any posterity with what they need.

Top Assignment Writers

Our essay writers are experienced professionals who have the knowledge to write an essay about any subject matter in an interesting way while maintaining academic integrity. Our professional essay writers work day and night to ensure that you receive quality essays on time without any delay or interruption. With many years of experience behind us, our essay writing website is now led by professionals with extensive knowledge in various fields of study.

Zero Plagiarism

For any write my essay for me request, you will never need to worry about plagiarism or getting caught up in the stress of completing assignments when you use our professional services! Get started today by ordering your first paper from us and we'll give you 10% off!

24/7 Customer Support

We are available 24/7, 365 days a year to help you out with your academic needs! if you have any "do my paper" questions or technical concerns, simply chat with one of our essay writing customer service representatives via the Chat Window on the bottom right corner of this screen

Prompt Delivery and 100% Money Back Guarantee

These academic experts are distinct from most other essay writing websites because they have doctoral degrees and decades of professional experience in academia. And because they know how overwhelming college life can be, we waive all minimum deadlines so you can focus on studying without worrying about your assignment always hanging over your head.

Free Revisions

Our Academic writers are confident and highly capable to take on any challenge ranging from a simple high school essay, question and answer assignment help, PowerPoint Presentation, research paper, dissertation, among others . However, we do not allow customers who abuse the free revisions privilege.

Try it now!

Calculate the price of your order

Total price:

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

When the world rushes and deadlines increase, it's hard to put your best foot forward. is here to help you with top quality essays on all topics, from history papers and engineering design descriptions to sociology case studies. For any write my essay for me request, you can count on a professional team of essay writers who are well experienced and researched in their field as they develop an original paper for you with 24/7 customer support.


Homework Help Service is an excellent solution for all your problems regarding writing an outstanding admission essay. You don't need to worry about anything anymore because we will provide you with high-quality papers written by expert writers who know how to write professionally!


Paper Formats and Types

From time management skills to APA format citations; from MLA formatting rules for research papers; from college application essays where the stakes are high--all these aspects of academic life become clearer as we write it all down on paper! is a professional essay writing service that provides students with well-researched, high quality essays on any topic and at any level of study.


Editing & Proofreading

Some of our clients prefer to write their essays themselves and have a third-party like proofread it for errors after they are done writing. We have a skilled team of editors who examine your paper closely, looking out for any mistakes that may lessen the appeal or effectiveness of the essay as well as make amends in order to better improve its overall quality before you submit it anywhere else! For all your editing needs, turn to


Revision Support

You work hard at your academics, and you should be rewarded, with a revision or modification for free on any order from a discursive essay , assignment to dissertation papers.