If endlessly scrolling through Twitter on your phone is part of your daily ritual, you’re going to want to update the app as soon as you can if you’re an Android user. Twitter has confirmed a vulnerability in its Android app that could let hackers see your “nonpublic account information” and commandeer your account to send tweets and direct messages.
According to a Twitter Privacy Centre blog post published on December 20, the (recently patched) security issue could allow hackers to gain control of an account and access data like location information and protected tweets “through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app,” potentially putting the app’s millions of users at risk. A tweet from Twitter support later elaborated that the issue was fixed for Android version 7.93.4 (released in November for KitKat) as well as version 8.18 (released in October for Lollipop and newer).
So if you use Twitter’s Android app, you need to update to the latest version. Like, now. It’s OK, I’ll wait . . .
(Twitter’s iOS app apparently wasn’t affected in all this, so iOS users, feel free to keep scrolling to your little heart’s content.)
The blog post went on to say that there’s currently no evidence to suggest any bad actors have exploited this bug, but “we can’t be completely sure” so Twitter’s taking a proactive response. It’s currently emailing users who are most at risk for this exploitation and providing instructions on how to update the app.
While this doesn’t appear to be the same vulnerability a hacker exploited to co-opt Twitter CEO Jack Dorsey’s account back in August, you can gauge by that blunder just how embarrassing these security issues can be. Just throw this baggage on top of the other recent privacy scandals Twitter and Android have waded into ahead of the new decade.
Earlier this week Twitter announced a stronger crackdown on inactive accounts. Under its inactive account policy, it would begin to free up usernames and delete inactive accounts. While this may be good news for those who have been waiting years to snatch up their username of choice, the decision raised questions around accounts of the deceased. The social media company has now apologised and addressed the issue.