Twitter has found a security vulnerability in its Android app, which gave access to direct messages. Most of the Twitter users saw the in-app security message, which warned them about the bug.
Twitter says Android security bug gave access to direct messages.
The security warning was shown to the users, which said that Twitter had recently found a vulnerability in the Android app. If the users have been used by it, then it might have allowed the malware agents to get access to private data like direct messages (DMs).
When the users opened the app, it showed the pop-up message which read like this:
“We recently discovered a security issue in Android OS 8 and 9 that could have impacted you. Our understanding is 96% of people using Twitter for Android already have an Android security patch installed that protects them from this vulnerability. Since you are no longer using a vulnerable version of Twitter for Android on this device you do not need to do anything but we felt it was important to let you know…”
The message had the link to the Twitter Privacy centre blog, which explained what the vulnerability is and what you should do.
Twitter said that this problem was related to a problem which Google fixed in October 2018’s security patch. About 96% of all Twitter users were safe. Remaining users were not aware of anything.
If the Android app is updated to the latest version, then Twitter fixes the bugs and implements in the app for precautions.
For those users who might have an older version of the app, this bug could have allowed the attacker to install malware on the device.
“We don’t have evidence that this vulnerability was exploited by attackers. But, because we can’t be completely sure, here’s what we’re doing to keep the small group of potentially vulnerable people safe…”
It suggested the users update the app immediately. It also sent a notice to all the users who might have got the bug. Twitter also asked the users to inform them if anyone is affected and said if they saw the changes in the app.