Twitter bug exposed the private tweets of some Android users for years

18 Jan 2019121 Views

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Twitter account on desktop. Image: niglaynike/Depositphotos

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

A bug that has existed on Twitter since 2014 exposed the tweets of some Android users with private profiles.

Twitter has disclosed that it accidentally revealed some Android users’ ‘protected’ tweets. The ‘Protect your Tweets’ setting allows people to use Twitter while keeping the content they post from the general public. Users need to approve potential followers to allow them to read their tweets.

A privacy issue for certain users

On Thursday (17 January), the company said that it had become aware of and fixed a problem where the ‘Protect your Tweets’ feature was in fact disabled for Android. According to the company, the issue affected Twitter for Android users who made certain alterations to account settings while the feature was switched on. If a user changed their email address linked to the account, the tweet protection feature was disabled.

Twitter admitted that the issue may have impacted users who made account changes between 3 November 2014 and 14 January 2019, the day the issue was remedied. It said it has re-enabled the setting on all accounts where it was disabled, adding that it is making a public announcement as it “can’t confirm every account that may have been impacted”.

It said: “We recognise and appreciate the trust you place in us, and are committed to earning that trust every day. We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again.” The company noted it had informed all users affected by the bug.

DPC investigation ongoing

Last year, the Office of the Data Protection Commissioner (ODPC) announced it was investigating Twitter regarding its refusal to provide user Michael Veale with information on how he is tracked when he clicks on links within tweets.

Veale, a privacy researcher, had asked Twitter to provide him with certain data under GDPR. When he did not receive the information, he filed a complaint to the ODPC.

Twitter account on desktop. Image: niglaynike/Depositphotos

Ellen Tannam is a writer covering all manner of business and tech subjects

editorial@siliconrepublic.com