Twitter have today updated their application permissions model
“we have created a new permission level for applications called “Read, Write & Direct Messages”. This permission will allow an application to read or delete a user’s direct messages. When we enforce this permission, applications without a “Read, Write & Direct Messages” token will be unable to read or delete direct messages. To ensure users know that an application is receiving access to their direct messages, we are also restricting this permission to the OAuth /authorize web flow only. This means applications which use xAuth and want to access direct messages must send a user through the full OAuth flow.“
“Applications that use “Sign-in with Twitter” or xAuth will only be able to receive Read or Read/Write tokens.
What this means is only applications which direct a user through the OAuth web flow will be able to receive access tokens that allow access to direct messages. Any other method of authorization, including xAuth, will only be able to receive Read/Write tokens.”
This probably particularly affects a lot of iOS applications that have made use of the xAuth. Several popular, well crafted apps made use of xAuth because of the lack of a decent mobile sign in page for oAuth, thankfully this has changed, Twitter do now have a very good mobile experience and fast app switching on iOS has at least made the problem last of a jarring experience for the users.
Unfortunately changes to t+cs like this can be problematic especially when there is at least a one week delay in getting an app approved for the app store, meaning that whilst Twitter have offered some grace until the end of this month, it actually only leaves four working days, if you want to allow Apple five working days to process the update. A particular problem if you do not have your own iOS developers in house that you need to contact and schedule time with
Update and correction: Matt Harris from Twitter pointed out that if you have a read/write token you will still be able to send DMs, so I have altered the title of this post from cannot send DMs to cannot read DMs. The main problem being of course this still only leaves a few working days for applications such as Tapbots Tweetbot or the Icon Factorys Twitteriffic client, which will need to update accordingly to retain the functionality.