...
This vulnerability was fixed in Twicca v0.9.31. Instead of declaring the activity exported="false"
in AndroidManifest.xml, Twicca fixed this vulnerability by validating the caller of this activity. In the onCreate()
method of the activity class, code was added to check if the package name of the caller is the same as the package name of itself. If the package names are different, the activity exits:
...