Android Instagram app is affected by a session hijacking vulnerability that can be exploited to conduct a man-in-the-middle attack. Facebook said it is aware of the security issue and it is planning to move everything on the Instagram site to HTTPS, but there is no definite date for the change. The attacker and victims share the same wireless data traffic this kind of attacks is very easy to perform. Facebook has said it accepts the risk of parts of Instagram communicating over HTTP not over HTTPS.”]
Source: http://securityaffairs.co/wordpress/27101/hacking/instagram-adroid-appflaw.html