Twitter said that it had accidentally collected location data of some users accessing its app through Apple devices.
The bug only affected a portion of Twitter’s iOS user base, which had more than one Twitter account registered on their device, and had chosen to share their location using the optional feature in one account, explained the company.
The precise location feature of Twitter for iOS is a setting that Twitter says allows it to "collect, store, and use your device’s precise location, such as GPS information."
Enabling the feature allows Twitter to "improve your experience, for example showing you more local content, ads, and recommendations."
As a result of the bug, Twitter said that it may have accidentally collected location data for the other account or accounts on the same mobile device.
What makes it concerning is that, the location data of those affected was shared in real-time bidding process with a Twitter partner, means this partner received unauthorized data.
Due to a bug in Twitter for iOS, we inadvertently collected and shared location data (at the zip code or city level). We have fixed the bug, but we wanted to make sure we shared more of the context around this with you. More here: https://t.co/n04LNt62Sa
— Twitter Support (@TwitterSupport) May 13, 2019
After first knowing about the bug's existence, Twitter said it had initially intended to remove location data from information sent to a “trusted partner” during the real-time advertising bidding.
But since “This removal of location data did not happen as planned,” instead, location data was then “fuzzed” or generalized, and not more specific than a zip code or city (down to at least 5 km squared).
That means the data “could not be used to determine an address or to map your precise movements,” the company explained.
Twitter also assured affected users that the partner receiving the location data didn’t also receive their Twitter handle or a unique account identifier. The unnamed partner wouldn’t also be able to determine users' identity, the company says.
According to the company’s announcement:
"We have fixed this problem and are working hard to make sure it does not happen again. We have also communicated with the people whose accounts were impacted to let them know the bug has been fixed. We invite you to check your privacy settings to make sure you’re only sharing the data you want to with us."
Twitter continued by saying that all users affected by this bug have been notified, and anyone with questions can fill out a form to contact Twitter’s Data Protection Officer.
Also ensuring users, the social media platform said that the information inadvertently collected was not retained, and only existed in their systems for a short period of time.