Twitter for Android Security Vulnerability

Better yet: don&#x27;t install the Twitter app, and instead use m.twitter.com, which works perfectly and stays entirely within the browser&#x27;s sandbox as it should.<p>You can have a separate icon for that as though it were an app, and if you <i>really</i> want to, you can enable push notifications just as you could with an app.

identified October 2018<p>fixed August 2020<p>Good job Twitter<p><a href="https:&#x2F;&#x2F;source.android.com&#x2F;security&#x2F;bulletin&#x2F;2018-10-01" rel="nofollow">https:&#x2F;&#x2F;source.android.com&#x2F;security&#x2F;bulletin&#x2F;2018-10-01</a>

Strangely, I got a notification for this on twitter.com on Win 10 Chrome and it said &quot;you are no longer using a vulnerable version of Anrdoid on this device&quot;.[1] I do use Twitter for Android on my phone, so maybe they sent the notifications to anyone using it but they forgot it could be displayed in the web interface too.<p>I find the &quot;Our understanding&quot; language strange. Presumably this number comes from some kind of metrics, but it seems like a bit of CYA language?<p>Still, appreciate the heads up for something they AFAIK didn&#x27;t have any obligation to give a notification for.<p>[1] <a href="https:&#x2F;&#x2F;i.imgur.com&#x2F;8dJ9Eq3.png" rel="nofollow">https:&#x2F;&#x2F;i.imgur.com&#x2F;8dJ9Eq3.png</a>

They&#x27;re awfully vague about exactly what the vulnerability was and what could exploit it. I thought the sandboxing between apps would be quite solid and well-tested. Did that break somehow, or did the Twitter app have some kind of insecure API for other apps to interface with the local Twitter app?

If only old hardware&#x2F;phones could get OS security updates by any mechanism.<p>I have a growing drawer of old hardware that is perfectly functional but no longer updateable.

I got this alert and have <i>never</i> installed any Twitter app.