Security of private messages on Twitter is broken – update


Twitter applications can access the private messages of a user's account even if the user has not consented to it. Officially, the lowest authorization level gives no access to private messages, but in practice it does.

When an application asks a user for read-only access to his or her account, the authorization screen explicitly states that the app cannot access the private messages of that account. The Rotterdam-based developer Simon Colijn discovered, however, that private messages could be accessed anyway, and reported this to Tweakers.net. "I was busy with a new project, and I researched what I could and couldn't do with Twitter," says Colijn.

He built an application to prove that apps have access to information that should not be accessible to them. "I didn't think I had to do anything special to view the private messages; I simply used the default code," says Colijn. It is unclear how long read-only apps have been able to see all messages.

Third parties can use Twitter's software to develop applications for the microblogging service. Twitter uses the OAuth protocol so that users can log in without the developer gaining access to their passwords. There are three authorization levels; officially, the lowest level gives applications read-only access to a limited set of data. Private messages are not part of that set.
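The defect described above is a missing scope check on the resource side: a token issued at the lowest level was accepted by the endpoint that serves private messages. The following Python model, an added example and not Twitter's code, shows the unchecked endpoint beside a corrected one that enforces the authorization level, plus an audit function a developer could run as a regression check. The level names, the user data and the endpoint functions are all constructed for this example; the article only states that there are three levels.

```python
from dataclasses import dataclass

# Three authorization levels, least to most privileged. The names are
# constructed for this example; the article only says there are three.
LEVELS = {"read": 0, "read-write": 1, "read-write-dm": 2}


class ScopeError(PermissionError):
    """Raised when a token's level does not cover the requested resource."""


@dataclass(frozen=True)
class AccessToken:
    app_id: str
    user_id: str
    level: str          # one of LEVELS


@dataclass
class UserData:
    public_posts: list[str]
    private_messages: list[str]


# Constructed sample data for one user (hypothetical, not real content).
STORE = {
    "alice": UserData(
        public_posts=["hello world"],
        private_messages=["meet at 9, bring the contract"],
    )
}


def require_level(token: AccessToken, needed: str) -> None:
    """Reject the request unless the token's level is at least `needed`."""
    if token.level not in LEVELS:
        raise ScopeError(f"unknown level {token.level!r}")
    if LEVELS[token.level] < LEVELS[needed]:
        raise ScopeError(f"level {token.level!r} does not include {needed!r}")


def private_messages_unchecked(token: AccessToken) -> list[str]:
    """Behaviour the article describes: any valid token gets the DMs."""
    return STORE[token.user_id].private_messages


def private_messages(token: AccessToken) -> list[str]:
    """Corrected endpoint: DMs require the highest level."""
    require_level(token, "read-write-dm")
    return STORE[token.user_id].private_messages


def public_posts(token: AccessToken) -> list[str]:
    """Public posts are readable at every level, including read-only."""
    require_level(token, "read")
    return STORE[token.user_id].public_posts


def audit(token: AccessToken) -> dict[str, bool]:
    """Report what a token can reach under each endpoint. As a regression
    check, a read-only token must show dm_checked == False."""
    def reachable(fn):
        try:
            fn(token)
            return True
        except ScopeError:
            return False
    return {
        "posts": reachable(public_posts),
        "dm_unchecked": reachable(private_messages_unchecked),
        "dm_checked": reachable(private_messages),
    }


if __name__ == "__main__":
    read_only = AccessToken("demo-app", "alice", "read")
    print(audit(read_only))   # {'posts': True, 'dm_unchecked': True, 'dm_checked': False}
```

The point of the audit is that the consent screen and the enforcement must agree: whatever the authorization dialog promises the user is only true if every endpoint that serves the protected data calls the equivalent of `require_level` before returning it.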

Update, 16:23: According to tweaker TvdW, the problem is known to Twitter. Although users have for some time been told that read-only applications do not have access to private messages, this is not actually enforced in practice. If everything goes according to plan, enforcement will only begin at the end of this month.

Update, Saturday, 11:40: Twitter has solved the problem. When authorizing read-only apps, it is now stated that these apps will only lose access to private messages at the end of this month.