I am no longer using Twitter. Twitter betrayed me.

What happened? I got a new version of the Twitter app on my Android phone. After installing, it put a tiny icon in the status bar enticing me to find more friends. I clicked on it because I wanted to check out the UI. But lo and behold, as soon as I clicked, the Twitter app started sending my entire address book to the Twitter servers and displaying matches -- without first asking me if that's what I wanted to do (I would have said no).

This behavior is not right for a status bar icon -- such icons normally bring up the app with some kind of dialog, where you can e.g. snooze a calendar item. They don't initiate major actions immediately. (The only other icon that I can recall that has a side effect when you select it is the alarm clock -- it dismisses a snoozed alarm, which is basically the only thing you could possibly want from it.)
47 comments
 
Maybe you should also ditch your Android phone while you are at it, because they allowed this to happen to you. This likely wouldn't happen on the iOS App Store or Windows Phone Marketplace, because apps that use APIs to access your address book get more scrutiny and would likely get caught and removed if they did this. Privacy means something over there.
 
+Odi Kosmatos, some of us object very strongly to the idea of a hardware or OS vendor having that level of control over the apps we run. That's a big part of why I won't even consider using an iProduct.
John Pugh
 
Are you SURE it started sending the address book? Or did it just compare? And +Odi Kosmatos, Android didn't "allow" it to happen. The application did. I can do the same thing on iOS or Windows Mobile.
 
+Odi Kosmatos It's defined in the app that they request powers to do that. Many apps have this on iOS (dunno for WinPhone); most add a confirmation. Btw, a long time ago FB on iOS did the same; they fixed the app later.
 
+J. Williams, with Android it is your ISP that decides what to put on your phone and when (and if) to upgrade to the newest OS. I think I'd rather trust Apple, not the ISP, for software management.
 
Use another twitter client. I'm pretty happy with Ubersocial (which used to be twidroyd).
 
+Pereira Braga To be fair, though, the UI for granting permissions to apps is pretty abysmal. I almost always just breeze through without reading because it takes way too much mental effort to figure out whether an app is requesting a minimal set of permissions to carry out its advertised function. I end up granting a lot of permissions that are way too broad, like read/write access to the whole SD card or unrestricted access to the whole internet.

When it comes to something like Twitter, I would probably grant permission to access my contacts just because I want to be able to use the app, and I expect a high-profile company like Twitter to ask me before actually transmitting any personal data. A better security model would ask for permission for optional features on an as-needed basis instead of asking for every possible permission at install time. OTOH, if you do something like that poorly, you end up with a mess like the initial release of Windows Vista, which end users hated. There don't seem to be any easy solutions for running semi-trusted software.
 
I had the same with LinkedIn - it sent to my entire address book - tried to cancel the account to no avail :(
 
Cyanogen has a UI for fine-grained control over the ACTUAL permissions granted to an app, as opposed to the ones they want. I've used that to deny permission to apps in the past. Should be a standard part of future Android OS.
 
+John Pugh Well, at PDC 2010 the Windows Phone team's session on Apps said that if your app accesses the address book, they will check it closely to see if it also sends data, and if it does, will scrutinize it. By the way, it's not called "Windows Mobile" now, it's "Windows Phone". Windows Mobile failed, it's dead, only the kernel remains, and for a limited time it seems.
 
While we're on the subject of security, I'd like to plug the work of +Mark Miller, who I just learned works for Google now. I don't know if anything he's been up to is directly applicable to Android security, but I was very impressed with the ideas in his "E" language (http://erights.org/) back in the day.
 
+Odi Kosmatos Any app that gains access to your contact list on Android is approved by the user upon installation. You agree to the access an app is allowed to have. The same goes for iOS. Apple can scrutinize all it wants, but it can and does allow apps to access the address book. The problem, if you read the post, is that the twitter app assumed that by clicking "find my friends", you wanted to upload your entire address list to their servers. Clicking "find my friends" should have brought you to a dialog screen detailing what it was about to do, and allow you to hit yes or no.

This has nothing to do with Android as an operating system, as this can happen on any OS. You can be a fanboy all you want - but the last I heard, Apple doesn't block apps because they "might be confusing to some". Though they do block lots of things... legal things, like apps that access WikiLeaks articles or racy images that can be found by using their browser instead. As a fan of being able to do what I want, I would suggest everyone ditch their Apple products and/or jailbreak them and ignore the moral police :) but that's just me.
 
I usually don't use any third-party app for twitter...
 
Moral of the Story: Never look for friends...
 
Yeah, I noticed (and was bothered by) this obnoxious behavior too. Yes, I guess I did grant the app this permission but, as +J. Williams pointed out, the Android system and UI for permissions is such that few users pay much attention.

And, like others here, I assumed that twitter corp would be a little more restrained. Silly me.

Here is a WSJ article that examines another instance of the problem:
http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html
It reports that the problem is a little worse on iOS than on Android, but really it is pretty bad on both platforms.

It seems to me that all of the platforms could do better in protecting their users' privacy - I'm just not sure they want to.
 
The official Twitter app for Android is worse than Perl. Ugly, horrible and buggy.
 
Perl looks like someone shat punctuation into a file.
 
Altogether, you did not actually prove all your contacts were uploaded?

Could such a matching feature be implemented using a secure one way hash?
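To answer the question above concretely: below is an added example (not code from the post, from Twitter, or from any commenter) of the "one-way hash" matching scheme that is usually proposed, together with the check a practitioner would run against it. The contact lists, the phone-number prefix and the HMAC key are all constructed for the demo. The client hashes each number and uploads only the digests; the server intersects them with the digests of its own users. The catch is that phone numbers live in a tiny space, so whoever holds the digests can recover the numbers by simple enumeration; a keyed hash (HMAC with a server-held secret) stops a third party who later obtains the uploaded digests from doing that, but the server itself still learns every number it can enumerate, so the hash alone does not make the upload private.

```python
"""Contact matching by hashed phone numbers, and why plain hashing leaks.

Added example; all data below is constructed, not real contacts or users.
"""
import hashlib
import hmac
import itertools

# Constructed sample data: the client's address book and the server's users.
MY_CONTACTS = ["+15550000123", "+15550004567", "+15550009999"]
SERVER_USERS = ["+15550000123", "+15550009999", "+15550001111"]


def digest(value: str) -> str:
    """Unkeyed SHA-256 of a canonicalised phone number (the naive scheme)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def keyed_digest(value: str, key: bytes) -> str:
    """HMAC-SHA256 with a secret key; without the key the digests cannot be
    checked against candidate numbers offline."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def match_by_hash(contacts, server_users):
    """Naive scheme: client uploads SHA-256 digests, server intersects.

    Returns (uploaded_digests, matched_numbers). The first element is what
    actually leaves the phone; the second is what the server can report back.
    """
    server_index = {digest(u): u for u in server_users}
    uploaded = [digest(c) for c in contacts]
    matches = [server_index[d] for d in uploaded if d in server_index]
    return uploaded, matches


def match_by_keyed_hash(contacts, server_users, key: bytes):
    """Same protocol, but both sides use HMAC under a key the server holds."""
    server_index = {keyed_digest(u, key): u for u in server_users}
    uploaded = [keyed_digest(c, key) for c in contacts]
    matches = [server_index[d] for d in uploaded if d in server_index]
    return uploaded, matches


def brute_force(hashes, prefix="+1555000", digits=4):
    """Recover numbers behind unkeyed digests by enumerating the number space.

    The prefix/digit count is a constructed assumption that keeps the demo to
    10,000 candidates; a real attacker enumerates whole country code ranges,
    which is still only billions of cheap SHA-256 operations.
    """
    targets = set(hashes)
    recovered = {}
    for combo in itertools.product("0123456789", repeat=digits):
        candidate = prefix + "".join(combo)
        d = digest(candidate)
        if d in targets:
            recovered[d] = candidate
    return recovered


if __name__ == "__main__":
    uploaded, matches = match_by_hash(MY_CONTACTS, SERVER_USERS)
    print("server reports matches:", matches)
    print("numbers recovered from plain digests:",
          sorted(brute_force(uploaded).values()))

    key = b"constructed-demo-key"  # assumption: secret held by the server
    uploaded_k, matches_k = match_by_keyed_hash(MY_CONTACTS, SERVER_USERS, key)
    print("keyed matches:", matches_k)
    print("numbers recovered from keyed digests without the key:",
          brute_force(uploaded_k))
```

The keyed variant protects the digests in transit and at rest against anyone who does not hold the key; it does not change what the server learns, because the server can run the same enumeration with the key. Hiding the address book from the server itself needs a private set intersection protocol, which is a different design from "hash and upload".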
 
If you want Google+ to continue, say no to SOPA and PIPA!
 
Not Twitter but the app you used betrayed you. Now you betray your Twitter followers ;) [I very seldom and reluctantly use G+]
 
Google+ (or more properly the Google+ stream, since the "+" encompasses a lot of things) is pretty much what I always wanted Twitter to be.
Yang Yu
 
+Odi Kosmatos I really hate Microsoft sending so many troops online trying to convince people to buy their stupid WP7. Seriously, I don't want to use IE ever again!
 
I like how the permission system gives insight into what app could do. But right now, either you grant them all, if you trust the developers, or you don't install the app. Is there some mode in which you can grant a subset of the permissions requested only upon usage? Much like the -c flag for ssh-add, the access to MacOS Keychain entries or network access via Little Snitch.
 
Hi Guido,

If you have your Android rooted (which you should), install LBE Privacy Guard from the Market. It permits you to allow or deny every permission of every app (the options are "allow", "deny" or "ask"). It will pop up a notification every time you install a new app so you can review the permissions. It also publishes a message every time it denies a permission to an app, so I can see, for example, that the Twitter app is also trying to get my location for no good reason every time it connects for the periodic update :-/
 
That's what happens when you mix untrusted code and ambient authority…
 
+Guido van Rossum I'm the product manager for Twitter for Android. The Find Friends notification should have had a disclosure around how it would "scan your contacts." Was that language not there? Its intention was to make clear that we'd be reading the phone's address book as part of this feature -- going beyond the permission we requested from the user at time of download.
 
+Sung Hu Kim I think that people just click accept based on trust (or read based on lack of trust) looks like you've just lost some trust.
 
It's curious that you blame Twitter and not Android.
 
+Sung Hu Kim since you are here, could you explain why Twitter for Android is also trying to get my location every time it awakes to download new tweets?
 
Very interesting... Well, I was never a Twitter fan...
 
Have an account but don't use it any more either!
Oan Nam
 
+Guido van Rossum Just don't use the official Twitter client. I personally use the mobile web interface, but there are a lot of nice and partly open source clients out there!
 
+Odi Kosmatos thank you very much for sending me that Info.. I found it rather interesting. If you know any other useful links please feel free to post.
 
;-) hmm - and that cannot happen to us on G+ - since G+ has all our gmail contacts anyway ;-D