Ever wanted to know what kind of fingerprints Instagram logs ? Here's all the answers you were looking for :)

Hey guys !

So today I was looking for evidences about the kind of logging events that instagram implements on their website and while dwelving deeper into their code I was very surprised to find this very explicitily declared in one of their javascript files :open_mouth:

I find this a very valuable and useful piece of information and it provides a great insight on the kind of fingerprints Instagram looks for on every client .

So without further due, here is the piece of code that gives us pretty much every possible fingerprint that you will need to avoid if you want to stay 100% off the radar :smile:

It’s way more information than I could have ever imagined , some of these I was already aware of and you can find such evidence by checking the invisible app permissions of android app for example .

But that’s really just a small part of everything they are logging … it’s pretty scary to be honest !

Here’s some of the most relevant logging events that you can check on this code :

  • BATTERY_STATUS (They have battery to all your battery stats, temperature, etc)
  • PROXIMITY_SENSOR (And every other kind of sensor in your phone)

Check the file with the full fingerprint tracking list and you will understand that theorethically they can fingerprint any device uniquely in a very easy way .

And here are all the hidden permissions for the Android App as well :

I believe that even though all these parameters are logged not all are being actively used by their algorithm for bot detection etc , but I think it shows us that even if you are changing your advertising ids, factory resetting or whatever you may think of, at the end of the day they could still identify you by many other fingerprints such as your battery level, sim operator or whatever . .

I hope this will be useful in giving everyone a better understanding of the kind of activity logging Instagram does these days, and also in achieving a better trust score with our automations :slightly_smiling_face:


:joy: I saw some viral videos tough with monkeys using phones


Already issues with these - without requesting the permission for Phone/Network/Bluetooth you can’t collect any of these.

For Android, IG would need the android.permission.BLUETOOTH permission - which they don’t have and don’t request :thinking:
To get the network state, android.permission.ACCESS_NETWORK_STATE

So these might only be valid for iOS.

Don’t get stuck in analysis paralysis. :crazy_face:

Well I guess they didn’t see that coming :laughing:

Monkey - 1 IG - 0

Rekt their monkey detection !

Talking seriously , monkey detection is just a test to see if the client is a test user generating random events such as mouse clicks, touches or gestures . It helps with bot detection


Check my post update, I added the android permissions as well and all those are given to IG :disappointed_relieved:

Oh wow🤖…we doomed if they decide to use it all😄

Eheh naaah, just exploring my curiosity not gonna go crazy about it :slight_smile:


Very true :smile: The possibilities are endless once they have access to all that info, I’m surprised they’ve made it so easy to game their bot detection algorithm tbh .

Seems like they are focusing more on the amount of actions than actually implementing proper detection rules, which seems to be resulting in a lot of false flags for regular users .

Since faking the client log events is so easy and they aren’t using most of these fingerprints for bot detection purposes I think we can say that their so hyped bot detection algorithm is failing big time and can be bypassed quite easily .

Let’s see where this goes …

1 Like

@Kaylon Haha am certain till we have all of you guys w the brains :brain: game will never be over!:nerd_face::stuck_out_tongue_winking_eye:

use Xprivacy to restrict the categories of data instagram can access
Problem solved!



Monkey… it is an automation tool

Build by google for android testing.

Only a monkey uses monkey …


So App Cloner is doing a good job :wink:


What’s Heartbeat and Heartbeat_v2? (at the end of the pastebin file)

The only issue is the package name is not instagram.com so it is detected as cloner.

Yes, but… :wink: :point_down:


Official Instagram Info: https://help.instagram.com/519522125107875

Information we obtain from these devices includes:

  • Device attributes: information such as the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins.

  • Device operations: information about operations and behaviors performed on the device, such as whether a window is foregrounded or backgrounded, or mouse movements (which can help distinguish humans from bots).

  • Identifiers: unique identifiers, device IDs, and other identifiers, such as from games, apps or accounts you use, and Family Device IDs (or other identifiers unique to Facebook Company Products associated with the same device or account).

  • Device signals: Bluetooth signals, and information about nearby Wi-Fi access points, beacons, and cell towers.

  • Data from device settings: information you allow us to receive through device settings you turn on, such as access to your GPS location, camera or photos.

  • Network and connections: information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, connection speed and, in some cases, information about other devices that are nearby or on your network, so we can do things like help you stream a video from your phone to your TV.

  • Cookie data: data from cookies stored on your device, including cookie IDs and settings. Learn more about how we use cookies in the Facebook Cookies Policy and Instagram Cookies Policy.

1 Like

Been awhile since last checked this.
I am not sure you can run them at the same time due.

Hey! Just a quick question does it really needs to instagram.com only or any other.
What is the real package name of original instagram application?
And what do u people think how long app cloner can cope up with instagram as I have seen from years it is doing a great job. Months years weeks?

the monkey one gave me a good laugh