Twitter has just announced that it will be drilling down on third-party app permissions and will be taking away automatic OAuth access to Direct Messages for apps that need it. As of today, Twitter clients that need access to your DMs will ask you for permission to access them. Apps that no longer need access will no longer have access.
In addition to the new DM permission level, the app permissions screen (above) will now give you more details about what the third-party app is allowed to do with your account, drilling down into specifics like reading tweets from your timeline, updating your profile and posting tweets on your behalf.
From the Twitter developer forum:
“In particular, users and developers have requested greater granularity for permission levels. In response to this feedback, we have created a new permission level for applications called “Read, Write & Direct Messages”. This permission will allow an application to read or delete a user’s direct messages.
When we enforce this permission, applications without a “Read, Write & Direct Messages” token will be unable to read or delete direct messages. To ensure users know that an application is receiving access to their direct messages, we are also restricting this permission to the OAuth /authorize web flow only. This means applications which use xAuth and want to access direct messages must send a user through the full OAuth flow.”
These changes mean that apps that use xAuth will now have to go through OAuth in order to give users granularity over the access levels of a given app. Developers have until the end of the month to get their apps in gear.
Twitter says that these new changes were the result of developer and user feature requests, but, inevitably, some developers are seeing the move as yet another Twitter land grab for ecosystem control.