On Wednesday, Twitter told customers that malicious applications may have exploited a flaw in its Android App to access private data.
The bug is linked to a vulnerability affecting Android 8 and 9, which Google fixed in October 2018, according to the social media giant.
“Our understanding is that 96 per cent of people who use Android Twitter already have an Android security patch installed to protect them from this vulnerability. For the other 4 percent, this vulnerability may allow an attacker to access private Twitter data on your computer (such as Direct Messages) through a malicious app installed on your device by working around Android system permissions that protect against it, “explained Twitter.
The company says there is no proof that the vulnerability has been abused, but the risk can not be entirely ruled out so it has decided to take some steps to protect users.
It modified the Android app to prevent external apps from accessing Twitter data, notified potentially impacted users about updating the application, sent in-app alerts to users who may have been vulnerable to asking them whether they had to take some action, and focused on making improvements that would help defend users from such attacks.
Last year Twitter told users that a flaw in its Android app led to the release of safe tweets.
Many security problems revealed by the company in recent months culminated in the disclosure of personal information due to the manner in which Firefox stores cached data and the company’s billing details through its advertising and analytics services.