Twitter says a security bug may have exposed the private direct messages of its Android app users, but said that there was no evidence that the vulnerability was ever exploited. The bug could have allowed a malicious Android app running on the same device to siphon off a user’s direct messages stored in the Twitter app by bypassing Android’s built-in data permissions. But, Twitter said that the bug, patched in October 2018, only worked on Android 8 (Oreo) and Android 9 (Pie), and has since been fixed. A Twitter spokesperson…
