Twitter bug leaks iOS users’ location data to partner
Twitter Support (@TwitterSupport) May 13, 2019
The bug, which only affected some Twitter users, has already been fixed.
It involved inadvertently collecting and sharing location data at the postal code or city level. The bug specifically affected some people who were using more than one Twitter account on iOS and who had opted into using the precise location feature in one of those Twitter accounts. On the affected devices, the location data sharing accidentally spilled from one opted-in account to other, non-opted-in accounts on the same device, Twitter said.
Twitter told Engadget that employees discovered the glitch.
Separately, Twitter says it intended to remove location data from fields sent to a trusted partner during an advertising process known as real-time bidding. That didn’t go as planned. The partner couldn’t see precise locations, as in, it didn’t get more precise than a postal code or city an area equivalent to 5km squared, Twitter said.
The partner couldn’t get a precise address or map precise user movements. Nor did the partner get Twitter handles or other unique account IDs that could have revealed users’ identities.
While that location data was pretty fuzzy, it never should have been collected, or shared with the partner, in the first place. But it also means that for those people using Twitter for iOS whose location data was inadvertently collected, Twitter also may have shared that data with an advertising partner.
Twitter said the partner only had the data in its system for a short time: it’s already been deleted as part of the company’s normal data-handling procedures.