Twitter started notify their users about an issue that could allow malicious Android apps running on users' devices to access Twitter data, including private messages.
The developers write that they recently discovered and fixed a vulnerability in the Twitter app for Android that arose in connection with an Android security issue that affected Android 8 (Oreo) and Android 9 (Pie). Experts do not report what kind of error they are talking about, it is only known that it was eliminated back in October 2018…
According to experts, 96% of users have already installed updates that protect against this vulnerability. For the remaining 4% of users, this vulnerability means that attackers can gain access to sensitive data (such as private messages) using a malicious application installed on devices, which makes it possible to bypass the Android system settings designed to protect against such actions.
The Twitter developers emphasize that they have no evidence that the attackers used this vulnerability. However, the company strongly recommends that users update the Twitter Android app as soon as possible. Especially those who are still using Android 8 or Android 9 where the bug could be exploited.