Millions of Twitter users will be asked to update their Android app after the company found a security flaw.
Twitter said the vulnerability could let other malicious apps access private information such as direct messages.
It said most users were already protected by an Android security update, but 4% were still vulnerable.
Twitter said anyone still affected by this flaw would get an in-app notification “to let them know if they need to do anything”.
“We don’t have evidence that this vulnerability was exploited by attackers,” it added.
But it acknowledged “we can’t be completely sure” and was taking the highly unusual steps “to keep the small group of potentially vulnerable people safe”.
Twitter claims to have more than two billion users, and Google’s Play app store says it has been installed more than a billion times onto Android devices.
But an exact count of affected users has not been disclosed. Twitter publicly announces “monetisable” daily active users, which are those who see ads. It currently has 186 million of them, but does not provide a breakdown by platform.
- Twitter hack court hearing ‘Zoombombed’ with porn
- Twitter hack: Staff tricked by phone-phishing scam
Twitter said the bug affected those using Android versions eight and nine; the current version is Android 10, with 11 due to be released soon.
Twitter disclosed the flaw on its privacy blog, but did not say how long the loophole had been open for.
It comes weeks after a high-profile Twitter hack that gained access to the company’s systems, allowing major celebrities’ accounts to be compromised.