Daryl Morey’s $50,000 Mistake Could Have Been Prevented. Here’s How To Check Permissions For Third-Party Apps
Daryl Morey, president of basketball operations for the Philadelphia 76ers, was fined $50,000 Monday by the National Basketball Association (NBA) for tweeting about James Harden, a star player on a competing team. Under normal circumstances, this is a pretty cut-and-dried violation of the league’s anti-tampering rules, and one that’s full of intrigue, considering Harden plays for a team that previously employed Morey as general manager.
The thing is, Morey never posted the tweet, nor did he hit the “send” button. The tweet was actually an automated message sent by a third-party app called Twitter Memories.
Twitter Memories, developed by OnThisDay.me and not affiliated with Twitter, is a pretty simple concept: it shows tweets that you sent years ago on a particular day. In Morey’s case, it pulled a tweet from a year earlier, when he was still the general manager of the Rockets. To celebrate James Harden becoming the Houston Rockets’ all-time leader in assists, Morey had tweeted a graphic highlighting the achievement. The tweet was sent on December 20, 2019.
A year later, on December 20, 2020, Twitter Memories revived the tweet. The app retweeted the original message with the text “#OnThisDay 1 year (s) ago – Twitter reminders via onthisday.me”. While that’s a pretty mundane tweet in the grand scheme of things, it was enough to trip the NBA’s wire. Although Morey deleted the tweet, he was fined $50,000 by the league for tweeting about an opposing team’s player.
Morey’s mistake was granting Twitter Memories, a third-party app, permissions to his Twitter account. When you first use the app, it asks for authorization to perform certain actions on your account. These actions include: see Tweets from your timeline; view information about your Twitter profile and account settings; view accounts you follow, mute, and block; follow and unfollow accounts for you; update your profile and account settings; create, manage, and delete lists and collections for you; mute, block, and report accounts for you; and, most importantly, post Tweets for you. The app did just that for Morey, and a fine from the NBA league offices quickly followed.
To avoid the same fate as Morey, check all the permissions that third-party apps ask for when you give them access to your account. Is there a reason a reminder app needs permission to block accounts for you, let alone post Tweets under your name? Of course not! However, in providing a relatively simple service, some apps get greedy and request more permissions than the service needs.
To check which third-party apps currently have access to your Twitter account, open the Security & Privacy menu. Navigate to the Security & Account Access menu, select Apps and Sessions, and then select Connected apps. This is where you can find all of the third-party apps that are currently connected and what type of access they have to your account. Click on an individual app to view the details. If you think an app has more access than it needs, just hit the Revoke Access button. This will disable the app’s ability to see or do anything with your Twitter account.
That simple security check could be enough to save you from an embarrassing accidental tweet or, if you happen to be a top manager for an NBA franchise, from having $50,000 deducted from your next paycheck.