If you use Twitter for Android and want your tweets to be private, you may want to play safe and review your settings
Twitter has disclosed that it’s fixed a bug that, for more than four years, made the private (aka ‘protected’) tweets of some of the platform’s users public.
The flaw affected an unknown number of users of Twitter’s app for Android who turned on the “Protect your Tweets” feature. Available through the site’s ‘Privacy and safety’ menu, the setting is intended to make tweets visible only to that person’s followers, rather than display them publicly.
Due to the bug, however, the option was disabled by error for some of the app’s users when they made certain changes to their accounts, such as changing their email address, at any point between November 3, 2014 and January 14, 2019, when the glitch was fixed. Meanwhile, iOS and desktop users were not affected.
We’ve become aware of and fixed an issue where the “Protect your Tweets” setting was disabled on Twitter for Android. Those affected have been alerted and we’ve turned the setting back on for them. More here: https://t.co/0qM5B1S393
— Twitter Support (@TwitterSupport) January 17, 2019
Twitter said that it has notified users that it knows for sure were impacted and that it has also turned the setting back on them if the bug disabled it. However, the company admitted that it is actually unable to confirm every account that was hit, so it’s unknown just how many members of the Twittersphere were affected.
As a result, users who may have been at risk are urged to double-check their settings; that is, unless they have realized themselves at some point that something was not right, for instance, after receiving alerts or notifications that made it clear that their tweets were not so private anymore.
“We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again,” said the company.
Four months ago, the microblogging platform fixed a bug that shared Direct Messages (DMs) and protected Tweets of some users with developers who were not authorized to access that information.