Twitter confirms security vulnerability in Twitter for Android app
Do you use an app to access Twitter? Silly question, of course you do. More seriously, if you use the Android Twitter app for your tweet fix, then you’ll want to update it as soon as possible. Twitter has confirmed a vulnerability in the Twitter for Android app that could allow an attacker not only to see what it calls “non-public account information,” but also to take control of your Twitter account and send tweets and direct messages from it.
What is the security issue Twitter has confirmed?
In a Twitter Privacy Center posting dated December 20, Twitter warned users that it had identified a vulnerability within the Twitter for Android app. The vulnerability could allow a threat actor, Twitter said, “through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app,” to access non-public information. The information that could be accessed includes direct messages, protected tweets and location information. Even more worryingly, a successful attacker could also take enough control of your Twitter account to be able to send tweets and direct messages in your name.
Who does this Twitter security issue affect?
According to Twitter, the vulnerability is restricted to users of the Twitter for Android app. iOS app users are not affected by this vulnerability. This will be a relief to iOS users, especially as a recent survey concluded that Apple was considered less trustworthy than Google when it comes to specific security issues.
Android users will be less happy, with yet another app security issue coming to the fore so soon after it was confirmed that the Google Camera app had exposed hundreds of millions of users to a security threat, and research found that Android smartphones from 29 vendors shipped with 146 vulnerabilities pre-installed.
What do you need to do to mitigate the Twitter app security risk?
Twitter has confirmed that it “recently fixed” the vulnerability and that there is no evidence to suggest it had been exploited. However, that doesn’t mean there’s nothing to see here: absence of evidence is not evidence of absence, and Twitter itself admitted that, regarding whether the vulnerability had been exploited, “we can’t be completely sure.”
Twitter is currently emailing people who are most at risk, with instructions “based on what versions of Android and Twitter for Android people are using,” it said.
In a tweet from Twitter Support, it was revealed that the issue was patched in Twitter for Android version 7.93.4 (released November 4 for KitKat) and version 8.18 (released October 21 for Lollipop and newer). “Twitter for Android is no longer supported on Android OS versions older than KitKat,” the tweet said, so devices on anything older than KitKat get no fixed build at all.
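Because the patched release differs by Android version (7.93.4 on KitKat, 8.18 on Lollipop and newer), “am I on a fixed build?” is not a single version comparison. The shell script below is an added example, not code from Twitter or from this article: it reads the installed app’s versionName from the output of `adb shell dumpsys package com.twitter.android` and the device’s API level from `getprop ro.build.version.sdk`, then decides patched, vulnerable or unsupported. The dumpsys text and SDK level embedded here are constructed sample values standing in for a real device; the adb commands they replace are shown in comments. The `-release.00` suffix in the sample versionName is an assumption about the app’s version string format and is stripped before comparison.

```shell
#!/bin/sh
# Added example: is the installed Twitter for Android build at or above the
# patched release for this device's Android version?
# Thresholds from the Twitter Support tweet: 7.93.4 on KitKat (API 19),
# 8.18 on Lollipop (API 21) and newer; below KitKat is unsupported.

# version_ge A B : exit 0 if dotted version A >= B, comparing numerically
# component by component. Non-digit suffixes such as "0-release" are ignored
# and a missing component counts as 0, so "8.18" == "8.18.0".
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        if [ "$ai" = "$a" ]; then a=""; else a="${a#*.}"; fi
        if [ "$bi" = "$b" ]; then b=""; else b="${b#*.}"; fi
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"   # drop anything after the digits
        ai="${ai:-0}"; bi="${bi:-0}"
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
    done
    return 0
}

# twitter_patched VERSION_NAME SDK_INT : prints patched / vulnerable / unsupported
# and returns 0 / 1 / 2 respectively.
twitter_patched() {
    ver="$1"; sdk="$2"
    if [ "$sdk" -lt 19 ]; then
        echo unsupported; return 2          # older than KitKat: no fixed build exists
    elif [ "$sdk" -eq 19 ]; then
        min="7.93.4"                        # KitKat track
    else
        min="8.18"                          # Lollipop and newer
    fi
    if version_ge "$ver" "$min"; then
        echo patched; return 0
    fi
    echo vulnerable; return 1
}

# version_from_dumpsys : extract the first versionName=... value from
# `dumpsys package` text on stdin (digits and dots only).
version_from_dumpsys() {
    sed -n 's/^[[:space:]]*versionName=\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Constructed sample input standing in for real device output (assumption:
# Twitter's versionName looks like "8.17.0-release.00").
SAMPLE_DUMPSYS='Package [com.twitter.android]:
    minSdk=21 targetSdk=29
    versionName=8.17.0-release.00
    splits=[base]'
SAMPLE_SDK=28

# check_device : on a real device, replace the two sample assignments with
#   ver=$(adb shell dumpsys package com.twitter.android | version_from_dumpsys)
#   sdk=$(adb shell getprop ro.build.version.sdk | tr -d '\r')
check_device() {
    ver=$(printf '%s\n' "$SAMPLE_DUMPSYS" | version_from_dumpsys)
    sdk="$SAMPLE_SDK"
    twitter_patched "$ver" "$sdk"
}

check_device && status=0 || status=$?
echo "result code: $status (0 patched, 1 vulnerable, 2 unsupported)"
```

The sample device above is on API 28 with app 8.17.0, so the script reports “vulnerable” (exit status 1); a KitKat device on 7.93.4 would report “patched” even though 7.93.4 is numerically lower than 8.18, which is exactly the per-OS distinction a single global “minimum version” check would get wrong.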
However, given that there have been more than 500 million downloads of the Twitter app for Android, and Android itself is used within a highly diverse ecosystem, there’s only one thing to do to ensure mitigation. Yep, you’ve guessed it: update to the latest version of the Twitter for Android app and update now.