Saving a single image to a mobile device can allow a cyber attacker to access your location data, contacts, files stored on the device and camera. Check Point's head of security, the world’s leading cyber security provider, describes the process as the attacker sending an image to the target's email, text message or any other communication platform. The picture is then saved to the target's mobile device and once saved the target opens Instagram it gives the attacker full access to the users phone and data.
To protect yourself from this type of invasion of privacy you should regularly:
Update the apps and operating systems on your mobile device.
Pay attention to the kinds of approvals and permissions you are giving to app developers. You should always read the fine print before approving permissions.
For more information, please check out this article.