A bug in the Twitter app for Android may have had exposed tweets, the social media platform revealed on Thursday.

The bug in the Android Twitter app affects the “Protect my Tweets” option from the account’s “Privacy and safety” settings that allows viewing user’s posts only to approved followers.

People who used the Twitter app for Android may have had the protected tweets setting disabled after they made some changes to account settings, for example after a change to the email address associated with the profile.

“We’ve become aware of an issue in Twitter for Android that disabled the “Protect your Tweets” setting if certain account changes were made.” reads the security advisory published by the compan y.

“You may have been impacted by this issue if you had protected Tweets turned on in your settings, used Twitter for Android, and made certain changes to account settings such as changing the email address associated with your account between November 3, 2014, and January 14, 2019.”

The vulnerability was introduced on November 3, 2014, and was fixed on January 14, 2019, users using the iOS app or the web version were not impacted.

Twitter has notified impacted users and has turned “Protect your Tweets” back on for them if it was disabled.

“We are providing this broader notice through the Twitter Help Center since we can’t confirm every account that may have been impacted. We encourage you to review your privacy settings to ensure that your ‘Protect your Tweets’ setting reflects your preferences,” continues the advisory.

Recently Twitter addressed a similar bug, in December the researcher Terence Eden discovered that the permissions dialog when authorizing certain apps to Twitter could expose direct messages to the third-party.

In September 2018, the company announced that an issue in Twitter Account Activity API had exposed some users’ direct messages (DMs) and protected tweets to wrong developers.

Twitter is considered one of the most powerful social media platforms, it was used in multiple cases by nation-state actors as a vector for disinformation and propaganda.

In December Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform.

Pierluigi Paganini

( SecurityAffairs – Twitter app, Android)

Share this...

Linkedin Reddit Pinterest

Share On