San Francisco: With mobile phones becoming an integral part of the people, it now houses more personal data than at their home. This apparently attracts cybercriminals to prey on naive users and steal sensitive data such as financial credentials and in some cases retrieve user locations, email IDs to spam them with telemarketing messages.

Now, it has come to light that two app companies-- One Audience and Mobiburn--have misused the app permissions of Twitter and Facebook. They made use of Software Development Kits (SDK)-laced with malicious codes to track the social media users and access location, name, email IDs, latest tweets and Facebook posts.

Twitter in the official blog has confirmed that the aforementioned app developers have retrieved user data from its microblogging site, but only on Android devices.

The iPhone and iPad owners are said to be safe, as the default security screening in the iOS versions of Facebook and Twitter block such malicious apps.

"We have informed Google and Apple about the malicious SDK so they can take further action if needed. We have also informed other industry partners about this issue.  We will be directly notifying people who use Twitter for Android who may have been impacted by this issue”, Twitter said.

For now, Twitter and Facebook users need not have to do anything unless, if you happen to have downloaded any third-party apps developed by One Audience and Mobiburn. Then, uninstall them immediately.

Facebook in a press statement has also announced that they sent a notice of cease and desist to the aforementioned app developers and also notify the affected social media users.

All users are advised to be wary of such third-party apps before installing them on their phones. Also, make a habit of reading through the privacy documents and never give access permissions to location or any other information for the third-party apps during the installation process.