As of yesterday, Twitter has upgraded the security for its API, which now requires third-party apps (that is, those not made by the company itself) to use more secure connections.
Developers would’ve been aware of the changes since December, when Twitter posted about them on its developer portal, and the company sent out a tweet on Monday as a reminder. Now that the changes have been enforced, though, developers who haven’t updated their applications will have some disgruntled users who cannot connect to Twitter.
It’ll also break many embedded devices that connect to Twitter. Those devices would not have been coded with the need for the new security in mind, and as a result they’ll cease functioning. Not a problem for anything that runs an app, but definitely an issue for some automated Twitter tickers and dumb devices that have non-upgradeable software.
The move to use SSL and TLS for connections to Twitter means that all data transmission from applications to Twitter’s servers is now encrypted. Previously, information was transmitted using plaintext HTTP – a huge problem for privacy, especially now that people know about PRISM. It’s also something that could’ve landed Twitter in hot water with the regulatory bodies in countries that have strict privacy laws. Here in South Africa the Protection of Personal Information (POPI) Act could hold a company guilty for any breach of information that is deemed preventable. And transmitting information in plaintext is very much preventable.
Combined with its OAuth tokens, which prevent applications from transmitting user passwords, the company has now taken almost all measures necessary to protect its users. Last year it introduced an option for users to connect to the web interface using SSL, as well as two-step authentication following password breaches on certain high-profile accounts.