
Twitter Says Android Security Bug Gave Access To Direct Messages (techcrunch.com)

Twitter says a security bug may have exposed the private direct messages of its Android app users, but said that there was no evidence that the vulnerability was ever exploited. From a report: The bug could have allowed a malicious Android app running on the same device to siphon off a user's direct messages stored in the Twitter app by bypassing Android's in-built data permissions. But, Twitter said that the bug only worked on Android 8 (Oreo) and Android 9 (Pie), and has since been fixed. A Twitter spokesperson told TechCrunch that the bug was reported by a security researcher "a few weeks ago" through HackerOne, which Twitter uses for its bug bounty program. "Since then, we have been working to keep accounts secure," said the spokesperson. "Now that the issue has been fixed, we're letting people know." Twitter said it waited to let its users know in order to prevent someone from learning about the issue and taking advantage of it before it was fixed.
  • At least (Score:5, Funny)

    by phantomfive ( 622387 ) on Wednesday August 05, 2020 @12:45PM (#60369671) Journal
    At least it's not a bug that allows you to spam bitcoin ads on other people's twitter feeds, that would be embarrassing.
  • Anyone who uses any direct message platform with the expectation that it's private gets the world of hurt they deserve. Do you really think, even at the very best of times, that people like executives at Twitter would ever not have a way of snooping on traffic? And with the number of vulnerabilities that exist, the threat of things leaking expands.

    If you want private conversations, then use a platform with end-to-end encryption. OMEMO, OTR, or the like. Better yet, get together with a few friends and sp

  • "Now that the issue has been fixed, we're letting people know." Twitter said it waited to let its users know in order to prevent someone from learning about the issue and taking advantage of it before it was fixed.

    It's nice to see responsible disclosure every now and then.

  • Twitter Says Android Security Bug Gave Access To Direct Message

    Shouldn't that be a “computer” security bug, except when it isn't Windows.
