Twitter says it identified and fixed a vulnerability in its Android app related to an underlying OS security issue that affects Android 8 Oreo and 9 Pie.
In a blog post and also a warning pushed to users via the Twitter mobile app, the social media platform says it believes 96 percent of people using the Twitter for Android app already have a security patch installed that protects against the vulnerability.
For the other four percent, an attacker could use a malicious app installed on your phone to exploit the vulnerability. Doing so could give the attacker access to private Twitter data on users’ phones, such as Direct Messages (DMs). The vulnerability works around Android’s system permissions, which typically protect against this.
However, Twitter also says it doesn’t have evidence that attackers exploited the vulnerability. Unfortunately, the company notes it can’t be sure, so it will take several steps to protect exposed users.
First, Twitter says it updated its Android app to ensure external apps can’t access Twitter in-app data. The update adds extra safety precautions beyond the standard OS protections.
Second, Twitter says it will require anyone potentially impacted to update Twitter for Android.
Along with that, Twitter will send in-app notices to everyone who could have been vulnerable to let them know if they need to do anything. Interestingly, I received this notification first on iOS as well, despite the vulnerability not impacting iOS users. Twitter says it will identify changes to its processes to better guard against issues like this.
Those interested can learn more about the security issue on Twitter’s website.
Unfortunately for Twitter, this is just another security problem the social network has faced recently. Twitter recently suffered a high-profile incident that saw hackers take over several significant accounts, such as those of Barack Obama, Joe Biden and Elon Musk. Additionally, Twitter faces a $250 million USD fine for using phone numbers for advertising.