Twitter Continues Cleanup and Cracks Down on Malicious Apps

The move is part of a wider push to make Twitter “healthier,” which includes ridding the platform of spam and abuse.
Twitter says it removed more than 143,000 apps from the platform in May and June for violating its policies. Credit: Casey Chin

Several weeks ago, a friend signed up for a Twitter application that promised to delete old tweets. It was advertised as a simple way to clear your online presence, but after he used it, my friend noticed that his account began retweeting spam. Out of an abundance of caution, he deleted his Twitter account entirely.

On Tuesday, Twitter announced steps it was taking to curb this exact sort of abuse. Between May and June of this year, the social network says it deleted more than 143,000 apps that violated its policies prohibiting developers from using its APIs to automate spam, abuse, or violate people’s privacy, among other rules.

The move is part of a greater cleanup happening at Twitter. Earlier this month, the company announced that it was removing some suspicious accounts from people’s follower lists, and The Washington Post reported it had recently suspended more than 70 million fake accounts entirely.

Automated accounts often play a central, positive role on Twitter. There’s a Twitter bot that creates emoji aquariums, one that spits out “deep” questions about the universe, and another that tweets anonymized information about individual Americans each hour using data from the decennial US census. Developers also use Twitter’s API to create all sorts of tools, like Nuzzel, an app that displays news stories the people you follow on Twitter are talking about.

There are thousands of other useful, delightful, or otherwise harmless apps on Twitter, but the social network has also been plagued by ones that automate abuse, leveraging Twitter’s tools to violate its own policies. Twitter apps have been created that direct-message spam, help carry out misinformation campaigns, and assist governments conducting online surveillance. Now, the social network is cracking down on them, as part of a wider effort to make Twitter “healthier.”

In addition to removing problematic apps, Twitter announced Tuesday that it is rolling out new policies to prevent ill-intentioned developers from getting access to its APIs in the first place. The company will now require all developers interested in creating apps to go through a stricter application process, which was initially launched in November for access to its “premium” APIs. Developers already using Twitter’s APIs will also need to go through the process; Twitter says they will be given 90 days’ notice before the requirement is enforced.

The application will require developers to provide “detailed information about how they use or intend to use Twitter’s APIs so that we can better ensure compliance with our policies,” wrote Yoel Roth, Twitter’s platform policy manager, and Rob Johnson, a senior product management director, in their blog post announcing the change.

Twitter is also imposing new limits on developers whose applications are accepted. For example, a single developer account can now only register 10 apps by default, and must submit a request for the ability to create more. Apps will now also be limited in the amount of automated activity they can facilitate. A Twitter bot, for example, will only be allowed to tweet or retweet 300 times in an hour and follow only 1000 people in a day. In addition, Twitter rolled out a new tool where users can report malicious apps and API abuses.

These new limits expand on rules Twitter introduced in February to cut down on spam and tactics like those used in the lead-up to the 2016 presidential election, when Russian propagandists created networks of bots to artificially amplify political messages.

Twitter also isn’t the only social network that has struggled to monitor developers using its platform. Facebook continues to weather fallout after news broke earlier this year that it had allowed the political data firm Cambridge Analytica to siphon off data belonging to more than 80 million people via a personality quiz app.

In response, Facebook also tightened its policies for developers and began an audit of apps that had requested access to user data in the past. It has so far deleted at least 200 of them.

Twitter and Facebook have for years welcomed developers to use their platforms to create everything from silly bots to entire businesses. The idea was to facilitate the creation of an entire ecosystem, which could live on top of a social network. Now they’re realizing how thousands of developers have abused that access for their own gain—at the expense of users.

