Twitter accidentally collected and shared some iOS users’ location data with a partner


Twitter revealed on Monday that a bug in its iOS app – which it has fixed – had caused users’ location data to be collected, even if the users had not chosen to share the data. The company said it accidentally shared this data with one of its partners. It did not name the partner, but said the bug had affected iOS users who used more than one Twitter account. “If you opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s),” the company wrote. Twitter said this information was then shared with one of its partners during an advertising process known as real-time bidding. The company said it had intended to remove location data from the fields but “this removal did not happen as planned”. Twitter said, however, that it had “fuzzed” the data so that it was no more precise than zip code or city (5 km squared). This meant it could not be used to determine an address or map precise movements. “We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process,” Twitter wrote.

Twitter has been operating under a consent decree by the US Federal Trade Commission (FTC) since June 2010, when it settled an investigation into its lax security practices and protection of user accounts after two high-profile hacking incidents the previous year, one of which involved an account used by Barack Obama. The FTC said at the time:

Under the terms of the settlement, Twitter will be barred for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorised access to non-public information and honour the privacy choices made by consumers. The company also must establish and maintain a comprehensive information security program, which will be assessed by an independent auditor every other year for 10 years.

Fourth Twitter bug since September 2018

This is the fourth bug Twitter has found since September 2018. Here are the other three:

  • ‘Protected tweets’ setting disabled automatically: In January, Twitter said that a bug in its Android app, dating back to 2014, caused the ‘Protect your Tweets’ setting to be disabled if certain account changes were made. It said Android users who had protected Tweets turned on, and made certain changes to account settings between November 3, 2014 and January 14, 2019 may have been affected.
  • Country codes of users’ phone numbers and their account status compromised: In December last year, Twitter reported a vulnerability in one of its support forms that could be used to discover the country code of users’ phone numbers associated with their Twitter account, and determine whether or not the account had been locked. In its investigation, Twitter noticed “unusual activity” on the affected customer support form API. “Specifically, we observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia. While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors,” the company wrote.
  • Protected tweets, private messages shared with developers: In September 2018, a bug in Twitter’s API led to protected tweets and private messages being shared with developers not authorised to read them. The bug, which had run from May 2017, was fixed hours after Twitter discovered it on September 10, 2018. The company said it affected less than 1% of people on Twitter.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
