This article was published on May 18, 2011

Like Facebook, Twitter announces more detailed permissions for third party apps [Updated]


Like Facebook, Twitter announces more detailed permissions for third party apps [Updated]

Twitter has announced that they are going to begin giving users more control over what information they share with third party apps. The new permissions details will give users a more accurate idea of what features of their account the app will be allowed to access and it began as of Tuesday. Updated with response from Twitter.

Any apps that you use to access your Direct Messages in particular will need to ask for that permission again. By the end of the month any apps that do not need access to DM’s will no longer have it. This should go a long way to alleviating concerns that have been raised about third party apps having unnecessary access to what is ostensibly private communication on Twitter.

In addition, when an app has permission to use features of your account, you will receive much more detailed information about just what the app is able to do. This includes reading your tweets, posting Tweets and, of course, accessing your direct messages. The same option to ‘opt-out’ of sharing the information will exist in a ‘No, thanks’ button.

As usual, you can visit the Applications page in your Twitter account to review which applications you’ve approved or to revoke access.

From a developer’s standpoint, Twitter user DeLuca points out that this means that any apps using the older xAuth standard will not be able to send or receive Direct Messages. They must change over to the newer oAuth standard under the new Twitter Application Permission Model. Twitter says that it knows that this transition will take time and apparently they are allowing for a transition period until the end of May.

We know this will take some time so we are allowing a transition period until the end of this month. During this time there will be no change to the access Read/Write tokens have to a users account. However, at the end of the month any tokens which have not been upgrade to “Read, Write and Direct Messages” will be unable to access and delete direct messages.

Some developers, like the team behind the popular Twitter client Osfoora are taking this change as a sign of hostility to third-party clients.

@twitterapi just say you don’t want 3rd party twitter clients to exist anymore! seriously…

This change is definitely a good one for Twitter users that are interested in third party apps having the minimum amount of access to their accounts. Access to Direct Messages is not necessary for many apps that simply use Twitter as a login or purely to post to a user’s stream. Whether Twitter is handling the change in a manner that is innately hostile to app developers is a question that would require a developer’s perspective. Some other developers, like those behind Tweetings, seem to be taking the change in stride.

According to Tweetings though there is one important wrinkle for users in the way that the new authorization system works. “It appears that Twitter is going to REQUIRE you to re-log in to ALL your clients if you want access to DMs after the end of the month.”

We have contacted Twitter to see if all users will have to re-login to their clients, even those already equipped with the new oAuth system in order to retain DM capabilities. We will update this post if we get a response.

Update: Twitter has responded by saying that all apps that have access to DMs will have to get new authorization to do so.

Any app that needs access to your DMs will request you to reauthorize it.  All other apps will continue to operate without the need to reauthorize.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with