Twitter users were greeted by a security warning stating that the platform had recently discovered a vulnerability in its Android app that might have impacted them. Had it been exploited, it could have allowed malicious parties access to private user data, including direct messages (DMs). The pop-up message that showed up when users opened the app read:
“We recently discovered a security issue in Android OS 8 and 9 that could have impacted you. Our understanding is 96% of people using Twitter for Android already have an Android security patch installed that protects them from this vulnerability. Since you are no longer using a vulnerable version of Twitter for Android on this device you do not need to do anything but we felt it was important to let you know…”
The message linked to the Twitter Privacy Center blog, which explained at length what the vulnerability is and what needs to be done. Twitter said that this issue was related to a problem Google fixed with October 2018’s security patch, so about 96% of all users on Twitter’s Android app were safe. For the remaining 4%, while Twitter was not aware of any cases of compromise yet, the platform recommended getting the latest update to keep those on Android 8 and Android 9 safe.
The latest Android update for Twitter fixes the vulnerability and implements in-app safety precautions as well, Twitter said. For the 4% who might still be on the older version of the app, this vulnerability could allow an attacker, through a malicious app installed on their device, to get access to private Twitter data by working around Android system permissions that protect against this.
“We don’t have evidence that this vulnerability was exploited by attackers. But, because we can’t be completely sure, here’s what we’re doing to keep the small group of potentially vulnerable people safe…” wrote Twitter, going on to suggest an immediate app update and mentioning that in-app notices were sent to all users who might have been vulnerable to let them know if anything needs to be done. Twitter also asked users to inform it if anyone had been impacted, and said it was actively identifying changes in internal processes to better guard against issues like this in the future.