Twitter acknowledged today that there was a security vulnerability in its Android app that would have exposed private data such as Direct Messages if exploited by an attacker through a malicious app (via CNBC). The issue is now fixed and is related to an underlying Android OS security issue that only affects OS versions 8 and 9. According to Twitter, around 96 percent of people using Twitter for Android already have a security patch for this vulnerability. The company said it has not found any evidence that this security flaw was exploited, but it can’t be completely sure.
To keep Android users safe, Twitter has updated its Android app so that external apps can’t access its in-app data. In conjunction with that, it has also sent in-app notices to those affected and required them to update their app to the latest version. It has also promised to identify “changes to our processes to better guard against issues like this.”