Twitter app snoops contacts data and messaging activity on my mobile phone
Recently Twitter started to send me notifications
when someone that “I know” joins Twitter and makes their first
Twitter post.
Today I received yet another notification on the
Twitter client on my mobile phone saying Jussi K. has posted his
first message on Twitter. I know only one person of that name and he
is the dad of my friend called Samuli K. What puzzled me was that I
don't actually know his dad very well. The last time I met him was
bit over 20 years ago, well before social networking.
How does Twitter know that I may be interested in
a tweet from Jussi K? Who I haven't had any dealings with for a very
long time?
Figure 1 Today's events on Twitter
The only link that I can think of between Jussi K.
and I is a relationship via a person called Samuli K. Samuli is the
son of Jussi K. I am close friends with Samuli K. and vice versa (I
like to think).
If Samuli and I had been in frequent contact with
each other on Twitter and Samuli and his dad were the same, I
wouldn't be too surprised about being notified about tweets from his
contact.
What concerns me is the fact that Samuli hasn't
got a Twitter account, when I checked recently. I checked the list
of the people his dad is following, Samuli wasn't there. I know from
the list of 400+ people I follow Samuli is not on my list. I searched
Samuli K. and found 3 matches but these accounts belong to other
people.
Figure 2 The real life connection I've
with Samuli and Samuli has with his dad.
So how does Twitter know that I'm interested in
Jussi K's tweet without us having direct link between us?
There must be a link that resides outside the
network because Samuli doesn't have account on Twitter.
A clue is found in Twitter app settings on Android
phone.
In app permissions section of Twitter app settings
I can see that I've given permission for Twitter app to read your
contacts. Jussi K. has done the same when he installed Twitter on
his device.
As we both have given Twitter permission to read
our contacts it looks like Twitter has joined 2 contact lists,
compared them and found a contact that exists in both of our lists.
Figure 3 The link between Jussi K.
and me
But wait.
If Twitter simply links 2 users based on
the contacts they have in common then I'd expect to receive more
frequent notifications
for tweets from people that have no relevance to
me. I assume Samuli's phone number exists in many other Twitter
users' contacts list that I'm not directly linked with. But I've
never before received notifications for tweet from a person that
doesn't exist in contacts on my phone. Why did it happen this time?
I believe that Twitter is taking further advantage
of the read your contacts permissions and analyse the
frequency how often Jussi K and I are in contact with Samuli. As we
both are in regular contact with him it makes it likely that we,
Jussi K and myself, both know Samuli well and through Samuli we are
likely to know each other.
The read your contacts permission enables
detailed analysis as per description “Allows the app to read
data about your contacts stored on your phone, including the
frequency with which you've called, email or communicated in other
ways with specific individual”
I've no problem with app analysing my contacts
when I've given it the permission to do so. For example messaging app
Viber asks for the access to read your contacts and it uses
the permission to notify me when someone from my contacts installs
Viber. Im OK with this.
But to use the data in the way that Twitter
appears to be using it concerns me a lot. Samuli has never installed
Twitter app nor accepted any Terms and Conditions of Twitter, but
still he appears to be added into Twitter database and used as a link
to relay notifications between registered Twitter users. Did Twitter
ask his permission to do that? No. What if he would like to get his
records removed from the database? There is no account for him to
close, so then what?
I feel a little bit guilty about allowing this to
happen to Samuli. I don't want the same thing to happen to any of my
other non-Twitter contacts, so I've decided to get rid of the Twitter
client on my phone and continue using Twitter on browser which hasn't
got access to my contacts.
Twitter has to become more transparent on how our
personal data is used and for what purpose. The Twitter client is now
banned from my mobile and I won't install it again until this
happens.
footnote