A vulnerability discovered in older versions of the Android operating system could pose a security risk to Twitter users.
Twitter has released an advisory message to all Android mobile users urging those on older versions of the operating system to update immediately. The announcement follows the discovery of a vulnerability in the Twitter app for Android that takes advantage of an underlying security issue present in Android 8 and 9.
The latest version of the Android operating system is Android 10, and those on that version are safe. Security updates for Android 8 and 9 also fix this issue; however, some people have disabled automatic security updates on their devices. Users are urged to install all security updates for their phone or upgrade to the latest version of Android if possible.
"We don’t have evidence that this vulnerability was exploited by attackers," wrote a Twitter representative on the site's privacy blog, adding that they believe that 96% of users are safe as they have the required security update installed. For the 4% running older versions of Android without security patches, the vulnerability could be used by a malicious app to access private Twitter data such as Direct Messages by bypassing the Android permissions system.
Twitter is updating the app itself to prevent external apps from ever accessing its data by adding its own layer of protection beyond the Android permissions system. Anyone who may be using a vulnerable device will also be sent an in-app notification telling them to update.
Source: Twitter Privacy Blog