Home Twitter Permissions: How Much Do You Trust Your Apps?

Twitter Permissions: How Much Do You Trust Your Apps?

Earlier this week, a Google engineer was caught spying on users, and a few old emails from Facebook’s CEO Mark Zuckerberg revealed that he had easy access to user profiles in the early days of the service. As we move more and more of our personal information into the cloud and onto social networks, we really have to trust these companies’ developers that they won’t misuse our data. At the same time, though, we also have to be able to assume that companies like Twitter and Facebook will ensure that developers of third-party apps can’t easily snoop on us either. According to OneForty‘s Mike Champion, Twitter’s API currently makes it too easy for unscrupulous third-party developers to access private direct messages (DMs), for example.

Twitter Permissions

As Champion points out, Twitter developers are currently only given two choices for access permissions: “read-only access” or “read & write access.” Read-only access obviously restricts developers to doing nothing more than access a user’s timeline without being able to manipulate it or post anything in the user’s name. Read-write access, however, gives a developer total control over a user’s account. With this, a third-party app can tweet in your name or follow and unfollow other accounts.

Access to Direct Message

Most importantly, though, this setting also allows developers access to your direct messages – the one part of Twitter where users rightly expect the be able to talk over a secure private channel. Here is what Champion has to say about this:

Direct Message Privacy – Do you consider your DMs private? People increasingly use DMs like short emails or IMs and assume it is a private channel between two people. In reality any app you have granted access can read all of your DMs. As an example, if you can get Michael Arrington (@arrington) to try your site and use Twitter OAuth you can now read all of his DMs. That might be tempting to an unethical few. And the challenge to Mr Arrington would be to even know that they were read without his permission. Twitter would have the logs of the API calls, but how would he know it happened? Or which app to revoke if he suspected it?

As Ryan Paul noted earlier this month on Ars Technica, there are some inherent problems with both Twitter’s implementation of the OAuth authentication standard and OAuth itself. Leaving these questions aside, though, Twitter clearly needs a more fine-grained permissions structure (something that Facebook already offers). Why, for example, can’t you tell a third-party app that it’s ok to post to your stream, but not to access your direct messages or follow list?

Note: We asked Twitter for a statement and will update this post once we hear back from them.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.