A Twitter Bug Left Android Users’ Private Tweets Exposed For 4 Years

Twitter just admitted that the social network accidentally revealed some Android users’ protected tweets to the public for more than 4 years — a kind of privacy blunder that you’d typically expect from Facebook.

When you sign up for Twitter, all your Tweets are public by default, allowing anyone to view and interact with your Tweets. Fortunately, Twitter also gives you control of your information, allowing you to choose if you want to keep your Tweets protected.

Enabling “Protect your Tweets” setting makes your tweets private, and you’ll receive a request whenever new people want to follow you, which you can approve or deny. It’s just similar to private Facebook updates that limit your information to your friends only.

In a post on its Help Center on Thursday, Twitter disclosed a privacy bug dating back to November 3, 2014, potentially caused the Twitter for Android app to disable the “Protect your Tweets” setting for users without their knowledge, making their private tweets visible to the public.

The bug only got triggered for those Android users who made changes to their Twitter account settings, such as changing their email address or phone number associated with their account, using the Android app between November 3, 2014, and January 14, 2019.

“We recognize and appreciate the trust you place in us and are committed to earning that trust every day,” Twitter said in its statement. “We’re very sorry this happened, and we’re conducting a full review to help prevent this from happening again.”

Apparently, on January 14, 2019, Twitter rolled out an update for Android application to fix the programming blunder.

Although Twitter did not specify exactly how many Android users were affected by this issue, 4 years is a long time duration, and it’s likely that most users have changed their account settings at least once in that period.

Twitter said the company has reached out to users whom it knows has been affected by the privacy bug.

But since Twitter “can’t confirm every account that may have been impacted,” if you are using Twitter for Android app and your tweets are supposed to be protected, it is definitely a good idea to head on to the “Privacy and Safety” settings of your app and double-check the settings to make sure the “Protect your Tweets” is enabled.

Desktop and iOS users can breathe a sigh of relief, as they were not affected by the bug.

The Twitter bug revelation came at the time when the social network is already under European Union investigation for violating the new General Data Protection Regulation (GDPR) rules.

The new law gives European citizens the right to request their personal data from companies, but when Twitter turned down a researcher’s request for data related to its short URL service, the Irish Data Protection Commission (DPC) opened an investigation.

It seems that the DPC is also aware of the latest privacy bug in the Twitter for Android app, and according to Bloomberg, the commission is currently looking into the matter.