announced a change to the way in which it handles permissions for third-party applications. The update will give users a better understanding of how this process works and what information third-party apps can access.Twitter has just
When users authorize to a third-party app for the first time, they'll see a new permissions screen detailing what that integration with Twitter means. This can include activities like reading tweets, seeing who the user follows, tweeting on a user's behalf, or accessing Direct Messages.
It's the latter detail that often makes people balk, not realizing that up until now, this is something that's been granted to the various third-party apps that they use with their Twitter accounts. Starting today, Twitter is going to remind users that that is, indeed, something that third-party apps can do, and apps that do access DMs (such as third-party Twitter clients) will have to ask for permission to do so again.
Then at the end of the month, those apps that needn't access DMs will no longer be able to do so.
An Oft-Requested Change
According to Twitter, this change has been something both users and developers have long been asking for. But until now, developers have not had granular control over the content they could access, unlike for example apps on the Facebook platform. With Twitter, it's been all or nothing. Users have had to hand over the keys to all these activities when authorizing a new app, something that might make them uncomfortable when just trying out a new service.
Tim Haines, founder of Favstar.fm which allows users to keep track of Favorited messages, says that "As an app developer, I'm happy for this change." Favstar doesn't need DM access, so he's happy to opt out. He hopes that by being able to assure users that the app doesn't access their private messages, that more users will be likely to sign up.
New Permissions for Apps that Access Direct Messages
But now there is a new permission level called "Read, Write, & Direct Messages," according to Twitter Developer Advocate Matt Harris. If an app does require access to this permission, developers will have to make some changes and will have to use OAuth, not xAuth. "To ensure users know that an application is receiving access to their direct messages," says Harris, "we are also restricting this permission to the OAuth /authorize web flow only."
This change might put some pressure on developers of iPhone apps that will have to hustle to update and resubmit for review. The change might also make the user experience on mobile apps a little more awkward as users will be prompted through the webflow that xAuth currently avoids (and by extension, this might make Twitter's own mobile apps seem much more slick).
Applications that don't need to read direct messages won't need to make any changes, and users of these apps won't notice anything different when these permission levels change.