
Update your Twitter app right now if you’re on Android

Twitter says it has patched a vulnerability inside its Android app that could have potentially let malicious actors view information of private accounts and take over profiles through an intricate back-end process. If a hacker managed to exploit the loophole, they could send direct messages and tweets on the target account’s behalf.

The social network claims that so far it hasn’t discovered any affected user, nor found evidence that a third-party service has taken advantage of the bug. However, Twitter is reaching out to the people whose details may have been exposed. It’s unclear how long the vulnerability was left out in the open. The issue is not present on Twitter’s iOS app.

Twitter is now rolling out an update to its Android app. So if you’re an Android user, you should head over to the Play Store and install it immediately irrespective of whether Twitter contacted you.

“We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure so we are taking extra caution. We have taken steps to fix this issue and are directly notifying people who could have been exposed to this vulnerability either through the Twitter app or by email with specific instructions to keep them safe,” the company said in a blog post.

Since the method for abusing the glitch wasn’t all that straightforward, it’s unlikely that many users have been affected. Twitter essentially left a sensitive storage area of its app unprotected. Through either another third-party app or an unverified online download, a hacker could, in theory, exploit that to insert a piece of malicious code into the area where Twitter stores your private information on your phone and misuse that access to fetch your personal data as well as post messages and tweets from your profile.

This latest security flaw is, in a lot of ways, similar to the one that happened about a month ago. On November 25, Facebook and Twitter said private data of “hundreds of their users” was compromised through malicious third-party Android apps. The breach, the two social media companies claimed, was caused because there wasn’t sufficient isolation between various software developer kits within a single app on Android.


Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…