A Twitter iOS Bug Caused It to Mistakenly Collect and Share Location Data From Some Users

Its ‘trusted partner’ only retained the information for a short time before it was deleted

A Twitter spokesperson did not have an estimate on how many people were affected
kbeis/iStock

Twitter began notifying impacted iOS users of a bug that may have caused it to inadvertently collect location data, which may have been shared with one of the company’s “trusted partners.”

The social network shared more information in a Help Center post, saying that the bug only affected people who opted in to the precise location feature on one account but use other accounts on the same devices for which the feature was not turned on.

That location data was supposed to be removed from fields sent to the trusted partner company during the real-time-bidding process for advertising, but this did not happen.

Twitter stressed that technical measures were in place to “fuzz” the shared data, making it no more precise than a five-square-kilometer area within a ZIP code or city, adding that the location data could not be used to determine an exact address or to map the specific movements of users.

The social network also said its trusted partner did not receive data such as Twitter handles or other unique account IDs that could have compromised people’s identity on its platform.

Twitter said it confirmed with its trusted partner that the data was only retained on its systems for a “short time,” and it was deleted as part of that company’s normal process, adding that concerned users can contact its office of data protection via this form.

A Twitter spokesperson did not have an estimate on how many people were affected, saying that the company is focusing on informing those who may have been impacted.

Following is the notification Twitter sent to potentially impacted iOS users: “We’re reaching out to tell you about a recent issue that we have resolved where we inadvertently collected some iOS location data. We then shared this inadvertently collected location data—in a form that had been fuzzed so that it was no more precise than a 5-km area—with one of our partners as part of an advertising process known as real-time bidding. We’ve confirmed with our partner that the location data has not been retained, that it only existed in their systems for a short time and was then deleted as part of their normal process. We did not share things like your Twitter handle or other unique account IDs, and we’ve taken steps to ensure it can’t happen again.”

The notification continued, “You’re receiving this notice because you were one of the people affected by this bug. We’re sorry this happened and, while there’s nothing for you to do, you place your trust in us, and we think it’s important to respect that by acknowledging when we make a mistake.”