Twitter's API Tokens For Its First-Party Apps Leak On GitHub

7 March 2013

The Next Web:

Twitter’s own apps get preferential treatment — that’s nothing new — meaning that third-party apps could now presumably use these leaked keys and secrets to work around Twitter’s strict limitations.

As you may have guessed, yes, Twitter can just reset its APIs (and then have to update its apps, which means it could be days before this is fixed unless Apple gives them preferential treatment). But then someone could just go back in and leak the keys again. Now, Twitter appears to have three choices:

  1. It can continue resetting its API keys and secrets, leading to a “long cat and mouse game of twitter updating their keys and using heuristics to recognize their own client followed by twitter clients providing a way to change the client secret,” in the words of Hacker News user pilif.
  2. It can loosen up the restrictions on third-party apps (nah)
  3. It can completely shut down third-party access to its API

“Preferential treatment” is an unfair description of what will inevitably happen. Apple lets any developer apply to have an expedited review. They are generally sympathetic and honour requests that have genuine reasons.

Regarding the actual story, it’s an interesting problem. It is an endless cycle.