Twitter’s new Android flaw relates to malicious apps that could compromise user accounts if people are running older Android operating systems. While most users will be protected, Twitter estimates that around 4 percent of users were still vulnerable. This is because up to 2 million Android Twitter users have not updated their operating software.
According to Twitter: “We recently discovered and fixed a vulnerability in Twitter for Android related to an underlying Android OS security issue affecting OS versions 8 and 9…We don’t have evidence that this vulnerability was exploited by attackers. But, because we can’t be completely sure…”
Looking into the issue for Digital Journal is Sam Bakken, Senior Product Marketing Manager at OneSpan (which develops anti-fraud solutions).
Bakken begins by putting Twitter’s latest admission in context: “Twitter is having a rough couple of weeks. In a recent SEC filing, they admitted that the recent compromise of high profile accounts last month, ‘…may also impact the market perception of the effectiveness of our security measures, and people may lose trust and confidence in us.’ Adding another security issue, whether they’re directly responsible for it or not, onto the pile that may expose users’ private communications isn’t doing them any favors.”
The issue is likely to rest at Twitter’s door, Bakken says, because “consumers don’t necessarily care about the intricacies of who’s to blame for a security issue. They read headlines saying there was a security problem with Twitter.”
However, Bakken explains that the solution is simple: “The good news is that there are steps app developers can take to protect apps and users against vulnerabilities such as these over which they have no control – to prevent any damage. App shielding and runtime protection provide an additional layer of security that can protect an app and its users against certain exploits of vulnerabilities in both Android and iOS.”