Goodbye Twitter, Hello X: What Are the Security Concerns?

The rollercoaster ride of Elon Musk’s Twitter buyout has taken another twist, as the social media platform looks poised to be rebranded “X”. Should we be worried about the security and privacy implications of Musk’s “everything” app?

Where did the idea for X come from?

After Musk finally closed the deal to buy Twitter in October of 2022, he quickly privatized Twitter and merged it into a parent company called X Corp, before revealing how he planned to use Twitter to accelerate his plans to build an ‘everything’ app also called X:

Buying Twitter is an accelerant to creating X, the everything app

— Elon Musk (@elonmusk) October 4, 2022

This was the first indication of his ambitions for the platform, but most didn’t expect Twitter itself to become X rather than one element of the proposed “everything” app. In July 2023, the wheels were put in motion as Twitter’s famous bird logo disappeared in favor of an X, and the x.com URL went live (redirecting to twitter.com for the time being).

Our headquarters tonight pic.twitter.com/GO6yY8R7fO

— Elon Musk (@elonmusk) July 24, 2023

What is the concept of an “everything” app?

The “everything” app Musk envisions is similar to WeChat, a Chinese super app used for instant messaging, social media, and making payments. Musk has repeatedly praised WeChat, describing it as “sort of like Twitter, plus PayPal, plus a whole bunch of things all rolled into one.”

As of March 2023, WeChat had almost 1.3 billion active monthly users. And there are many other popular super apps in eastern countries, including Grab, Gojek, and Alipay. But despite the efforts of companies like Meta, Amazon, and Google, western users are yet to adopt the super app model — which may be down to privacy and security concerns.

Elon Musk’s everything app will face several hurdles in terms of privacy, surveillance, bots, and online safety. Will these discourage mobile users in Europe and the US from using the X app?

Will people trust the X app with their data?

Most people in the West use the internet daily. They’re used to handing over their personal data in exchange for a service. Apps like WhatsApp, Zoom, Instagram, and TikTok have become so ingrained in our online culture that many people have no qualms about sharing their data with them.

But will people see the X app in the same way? While many service providers continue to collect large volumes of user data, privacy concerns from users and governments alike have never been higher. So it’s possible that privacy regulations will have a severe impact on the development of the X super app.

Elon Musk has a significant fanbase, thanks to his pioneering enterprises and outspoken online persona. But a series of controversies and failed initiatives, not least surrounding Twitter itself since Musk took over, have also sewn a lot of distrust. And Twitter is still struggling to remove the bot accounts and activities that caused Musk himself to second-guess his takeover bid in 2022.

From laying off 6,500 of Twitter’s 8,000 staff members and contractors, to changing Twitter’s blue-tick verification system to a paid subscription model, Elon Musk’s Twitter has turned many loyal users off the platform, allowing Meta’s Threads to swoop in and register over 100 million users within days.

However, Meta is not short of its own data privacy shortcomings, dating back to the Cambridge Analytica scandal. Have consumers grown weary of sharing information with corporations, or it Threads’ early success a sign that people will always be willing to use these platforms?

The bot problem

The X app faces another significant security problem: social media bots. Back in 2017, researchers suggested that up to 15% of Twitter users were bots. And as Twitter’s user base has grown, the number of bots is now likely to be much higher. Musk himself has called out this problem, citing it as the main reason for initially pulling out of the Twitter deal.

Bots can significantly influence public opinion. Evidence suggests they’ve been responsible for spreading misinformation about events including the Covid-19 pandemic and the two most recent US presidential elections. One study found that 82% of the 50 most influential retweeters are bot accounts.

Twitter recently attempted to quell scraper bots specifically by limiting how many tweets non-subscribed users could access daily to 300, to the chagrin of regular users. But with the ease at which bot accounts can be created and scraping activity distributed, it’s hard to say how effective this measure might be in the long term.

Without a doubt, as Twitter evolves into the X app, Musk needs to solve the bot problem. In addition to spreading misinformation, bots can also perform phishing attacks and romance scams. This puts users at risk of financial theft, fraud, and malware installation on their devices.

The potential for surveillance

Despite an increase in privacy regulation, recent incidents show that app user data can be intentionally exposed to third parties in the US. In 2022, Facebook turned user data over to US law enforcement, who then prosecuted a teenager for seeking an illegal abortion. This led to a surge in warnings against using apps to track fertility.

Unlike the EU and the UK, the US doesn’t have sweeping data protection laws in place. So it’s not always clear how your data could or will be used. Facebook has set an unsettling precedent for collecting and sharing private information about an individuals’ health with law enforcement agencies. Having all your information in one super app may make it even easier for law enforcement agencies and governments to keep citizens under surveillance.

Is it safe to have all your data in one place?

Super apps are designed for convenience. Shopping, messaging, social media — everything is all in one place.

But this convenience comes with inherent risks. Suddenly, if a cybercriminal manages to get hold of your super app password, they’ll have access to everything — from private messages to previous purchases to bank details. All this information can be used to steal money, commit identity theft, or subject you to ransomware attacks.

Using different apps with different passwords means that even if one of your passwords is exposed, the rest of your data remains protected. With a super app, hackers can get all the information they need with a single password.

Will the convenience of an all-in-one super app outweigh security concerns?

Elon Musk isn’t the first Western entrepreneur to set his sights on building a super app. Facebook, Amazon, Google — all these established companies have brought out new services in an attempt to monopolize the super app market in the US and Europe. But so far, none of these have been as successful as WeChat. In fact, in 2022, Facebook announced a loss of daily active users for the first time.

Smartphone users in the US and Europe have browsing habits that are difficult to break. So it’s going to be difficult to entice them away from familiar platforms like PayPal and WhatsApp, regardless of the convenience of a super app.

To be successful, the X app will need to become far more than Twitter with a payment platform. While it remains to be seen what changes are coming to Twitter – aside from its name and new logo – Elon Musk needs to prioritize privacy and security to break new ground in a saturated super app market.