Also... wouldn't the bandwidth of streaming back all that video be pretty obvious? Seems like it would take a lot of resources for data they probably already have anyway.
Agreed. No matter what advanced stenography they try to use, if the app’s upload volume increases when given camera permissions that'll be easy to spot. That alone wouldn't prove anything, but it would definitely be interesting enough to merit a deeper investigation. Jailbreaks on iOS are currently flourishing, and developing the multiple exploits needed to pull that off makes reverse-engineering the Instagram app seems easy by comparison.