Engadget

Security flaw in Twitter Android app might have exposed Direct Messages

It's related to an underlying Android OS vulnerability.

Twitter acknowledged today that there was a security vulnerability in its Android app that would have exposed private data such as Direct Messages if exploited by an attacker through a malicious app (via CNBC). The issue is now fixed and is related to an underlying Android OS security issue that only affects OS versions 8 and 9. According to Twitter, around 96 percent of people using Twitter for Android already have a security patch for this vulnerability. The company said it has not found any evidence that this security flaw was exploited, but it can’t be completely sure.

To protect Android users, Twitter has updated its Android app so that external apps can’t access its in-app data. It has also sent in-app notices to those affected and required them to update their app to the latest version, and it has promised to identify “changes to our processes to better guard against issues like this.”

This security issue comes at a bad time for Twitter, which has recently struggled with a Bitcoin scam hack that affected high-profile accounts of celebrities, brands and politicians. The hack was supposedly done via a phone spear phishing attack that targeted employees, resulting in the hacker gaining access to credentials to internal systems. The hackers have since been arrested.