In a blog post, Twitter said that attackers could work “around Android system permissions” to gain access to a user's account.
This is seemingly by using external apps which could access Twitter in-app data by adding extra safety precautions beyond those that are standard in the operating system.
Twitter has said the new update will now forbid such practices.
Twitter also says it has no evidence that this vulnerability was exploited by hackers – 96 percent of people using Twitter for Android already have the security patch that protects their app from this attack, it said.
Nevertheless, the four percent who do not will need to update. Twitter has sent in-app notifications to everyone who could be using a vulnerable device.
The company says it is “identifying changes to our processes to better guard against issues like this” too.
This news comes as Twitter is reeling from one of the most dangerous hacks in its history, in which the accounts of many prominent figures including Bill Gates, Joe Biden, Kanye West, Jeff Bezos and others were hacked to promote a Bitcoin cryptocurrency scam.
Twitter claims that a “phone spear phishing attack” was used to gain access to Twitter employees' information, which could then be used to target higher-profile employees.
This contradicts previous reporting, apparently based on speaking to the hackers at the time on the condition of anonymity, which suggested that the hackers paid a Twitter employee for access to internal tools. Twitter declined to comment.