Twitter discovered a bug in their app after geolocation data of users operating on iOS was inadvertently exposed to a third-party partner. If a user has two Twitter accounts and they have the precise location feature turned on for one of them but not for the other, the bug collected that location data. So essentially when the account that did not have precise location turned on was used on the device it automatically enabled the feature without the user’s consent. This resulted in the location then being shared with an advertising partner during a real-time bidding process. As soon as this was discovered, Twitter was able to cover the information and the only data able to be seen was the zip code and/or city. “We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time and was then deleted as part of their normal process,” claimed Twitter in a recent statement. All users who may have been impacted in this instance have been contacted in case any further action is taken in relation to the bug.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is