Twitter has patched its app against a vulnerability within Android that could let a malicious app siphon users' private data — including their direct messages — while bypassing system permissions. Every Twitter for Android user was notified about the security hole, which affects users on Android versions 8 Oreo and 9 Pie.
The vulnerability was publicized and stitched up in the Android Security Bulletin for October 2018. That's 22 months ago. Twitter says about 96% of its users are safe from it and is requiring the remainder to install an update which includes an app-level patch.
The notification users got if they have used Twitter on any Android device
The company is still reeling from last month's hijacking of more than 100 verified members' accounts for the purposes of harvesting Bitcoin. Three people were arrested for the plot, the mastermind among them being a 17-year-old Floridian who is alleged to have hawked his high-level access to black market buyers who wanted to acquire valuable usernames.
It'll take a lot more than a technical band-aid on a random vulnerability to repair the trust lost in that failure, but letting everyone know about it is an effective way of marketing that effort.