What you need to know
- Twitter today disclosed a vulnerability in its Android app.
- The security flaw could have allowed attackers to access a user's private information, including their DMs.
- The company claims only about 4% of its user base on Android is vulnerable.
A vulnerability in Twitter's Android app, based on an underlying flaw in Android itself that was disclosed back in 2018, could have allowed malicious actors to access a user's personal information, Twitter reported today.
The issue only affected users on Android 8 and 9, and by Twitter's estimates, 96% of its user base on Android already have the relevant security patches installed on their devices, which safeguard them from this exploit. To protect the remaining 4% of users — which the company calls a 'small group', despite having a billion downloads on the Play Store — Twitter announced that it's doing the following:
- Updated Twitter for Android to make sure external apps can't access Twitter in-app data by adding extra safety precautions beyond standard OS protections
- Requiring anyone that may be impacted to update Twitter for Android
- Sending in-app notices to everyone who could have been vulnerable to let them know if they need to do anything
- Identifying changes to our processes to better guard against issues like this
The company noted that it found no evidence that hackers had used this particular vulnerability, but still urged everyone to update the app.
The news comes just weeks after a major bitcoin scam involving the Twitter accounts of several high-profile people, such as Bill Gates, Elon Musk, Barack Obama, and others. The incident has already resulted in the arrests of three individuals: a 19-year-old from the U.K. and two individuals from Florida, one of whom is a minor.