Skip to main content

Twitter warns about Android app security issue that could have allowed account takeover

Twitter today began emailing Android users about a security issue that “could have compromised” accounts. Fixed several weeks ago, there’s no “evidence that this was exploited,” but the company is encouraging all to update.

A blog post titled “Twitter for Android Security Issue” and dated this month describes how the vulnerability “could allow a bad actor to see nonpublic account information or to control your account.” The latter possibly includes sending Tweets or Direct Messages, while information that could have been accessed includes DMs, protected Tweets, and location.

At issue was the “insertion of malicious code into restricted storage areas of the Twitter app,” through what Twitter called a “complicated process.” Twitter has informed us that today’s problem is not related to the SDK issue that emerged in late November.

Twitter doesn’t have “evidence that malicious code was inserted into the app or that this vulnerability was exploited,” but the warning and extra caution comes as it “can’t be completely sure.”

Users are advised to make sure they’ve updated to the latest version, though the Twitter Support account clarified how the “issue was fixed in Twitter for Android version 7.93.4 (released Nov. 4, 2019 for KitKat) as well as version 8.18 (released Oct. 21, 2019 for Lollipop and newer).” Most are presumably already patched against the problem.

We have taken steps to fix this issue and are directly notifying people who could have been exposed to this vulnerability either through the Twitter app or by email with specific instructions to keep them safe. These instructions vary based on what versions of Android and Twitter for Android people are using. We recommend that people follow these instructions as soon as possible.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:

Comments

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications