An Android security bug gave access to Twitter DMs

Twitter reported that a security bug may have exposed the private direct messages (DMs) of users accessing Twitter via its Android app.

Thankfully, there is currently no evidence that the vulnerability was ever exploited.

Had the bug been exploited, it would have allowed a malicious Android app running on the same device to bypass Android’s built-in data permissions and access a user’s DMs that were stored in the Twitter app.

The bug was patched in October of 2018 and only worked on Android 8 (Oreo) and Android 9 (Pie).

Twitter waited to alert users in order to prevent someone from learning about the issue and taking advantage of it before it was fixed.

Since October of 2018, the vast majority of users have updated their Twitter for Android app and are no longer vulnerable.

However, about 4% of users are still running an older version of the app and need to update their app in order to patch the vulnerability.

Twitter has begun notifying users in-app of the need to update. Users who receive this notification should update as soon as possible.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648