Yesterday we were contacted by the Twitter API team and informed that WordTwit Pro‘s use of the API was not inline with the Twitter’s terms of service for third-party applications. The reasons given by the Twitter API team were:

“[WordTwit Pro] facilitates serial posting across multiple accounts, tweet/retweet automation, tweet branding and automated affiliate advertising.”

After reviewing the alleged violations by the Twitter API team, we are of the opinion that the reasons given are not justified based on the typical use cases of WordTwit Pro users.

First, WordTwit Pro does allow a user to push a tweet out to multiple accounts simultaneously. This feature is meant to simplify management of a website where new post information would routinely by posted to multiple accounts. For example, a WPtouch-related post on BraveNewCode could be pushed to the @wptouch and @bravenewcode Twitter accounts. This functionality is by no means specific to WordTwit Pro; it exists in almost all Twitter clients available today.

Second, while WordTwit Pro does allow a user to automate certain tweets or retweets, all of these essentially have to come at the request of the end-user. This represents a form of tweet scheduling, which is also a standard feature in many Twitter services and clients.

With regards to tweet branding and affiliate advertising, we are ultimately at a loss. Other than the WordTwit Pro application registered with Twitter (which ultimately causes each tweet to be associated with WordTwit Pro), there is no branding on tweets done by BraveNewCode or WordTwit Pro. Each user has the ability to manually edit a tweet before it goes out, which is no different than most Twitter clients. We also provide a very detailed Tweet Log in WordTwit Pro, which shows every tweet that is generated by WordTwit Pro, even if they were not successfully tweeted.

Ultimately Twitter has suspended the OAuth token currently used by WordTwit Pro, which has caused WordTwit Pro installations using the default configuration to stop working. We have tried to communicate with the Twitter API team to work towards resolving the misunderstanding, but as of right now the token is suspended and they have not responded to our most recent attempts to open a dialog or to educate them further about our product.

To simplify the process of setting up WordTwit Pro, we included a generic WordTwit Pro OAuth token registered with Twitter. Since we do not know the nature of the original complaint with Twitter, we can only assume a person or company witnessed some form of SPAM associated with an installation of WordTwit Pro and reported the application in violation. Since we do not control any portion of a WordTwit Pro installation or any tweets that are generated once a user installs the software, we are unable to intervene when any users potentially abuse the product.

Going forward we are forced to remove the default token within WordTwit Pro; this means all end-users will have to register a custom application with Twitter to use with their installation. That also means each user will be responsible for abiding by Twitter’s terms of service for use of the Twitter API. Since the feature to add a custom OAuth application already exists within WordTwit Pro, current installations already using this feature are not affected by the revoked token.

If you have been affected by this, please visit this page for information on how to create a custom application with Twitter and configure WordTwit Pro to use it.

We will release version 3.3 of WordTwit Pro shortly, which will require custom applications for new installations. If you have been using the custom application feature already and you upgrade, your installation should not be affected by this change.

We apologize to anyone who has been affected by this incident, but as the token was revoked by Twitter without any prior warning, we were not able to resolve any concerns without the downtime experienced by customers.

We are pleased to announce that Joyce Peralta will be joining the BraveNewCode team today in the position of Community Specialist. Joyce has extensive customer interaction and marketing experience, and previously helped manage the University of Victoria’s social media sites as well as some of their more than 70+ web initiatives.

If you’re a current or future BraveNewCode customer, you can looking forward to hearing from Joyce via Twitter, Facebook, our newsletter, our blog, as well as various sites within the WordPress community.

On behalf of all of us here at BraveNewCode, welcome to the team Joyce!

I’m currently down in Auckland, New Zealand, coding away while waiting patiently for Hobbiton to open up to visitors again (they are currently filming the Hobbit on-site right now). In the meantime though, I thought I’d try to organize a little WordPress meetup down near the water.

If you’re a WordPress lover in or about Auckland, New Zealand, then feel free to RSVP and come out for a few drinks. The meetup will be really informal, and will be a great chance for WordPress lovers to get to know each other over a few pints.

If you know anyone in Auckland, then please forward this information along. Thanks.

We just wanted to post quickly and let everyone know that recently a supposed SQL injection vulnerability was found in WPtouch (the free version). This report is false.

The vulnerability declared at packetstormsecurity.org and other security alert-type sites is impossible.

There is no ajax.php file in the root of WPtouch, therefore this vulnerability is flat-out impossible.

We take WordPress security seriously at BraveNewCode, and have on numerous occasions issued updates for security exploits in our plugins that we’ve found before they’re in the wild. We know WPtouch is a popular plugin and one that can be targeted because of it’s popularity and wide install base. We work hard to ensure the safety of our plugins on your WordPress installations.

It’s been a couple months since the last release of WPtouch Pro, but that’s not because we weren’t hard at work on it! We decided to focus our efforts with fixes, additions and changes into a major point release, so 2.4 bakes in a huge list of updates.

Retina Startup + Landscape Startup on iPad

We’ve long wanted to support retina startup screens for Web-App Mode on iOS for the iPhone 4 (and now iPhone 4S). We’ve been waiting on Apple to implement this feature, and with iOS 5 they finally have. So 2.4 supports adding a retina version of your startup screen image if you’d like to use one.

Additionally, it’s now possible with iOS 5 to add a Landscape version of the startup image for iPad. effectively now you can offer startup screens in your WPtouch Pro Web-App in exactly the same way that native apps can.

FitVid.js

In WPtouch Pro 2.4 we’ve added the fitvids.js jQuery plugin, which takes your object, embed, iframe and html5 videos in posts and pages and automatically scales them based on orientation, and screen size. In WPtouch Pro 2.4 your videos will always look great.

Aloha! iOS 5 Native Scrolling

As if the above wasn’t enough, we’ve also added iOS 5 native scrolling for Web-App Mode on mobile, and replaced the javascript scrolling we used on iPad with iOS 5 native scrolling.

iOS 5 on iPhone & iPod touch

Now in Web-App mode the header remains fixed like native apps, while the body content scrolls in native speed and momentum.

iOS 5 on iPad

The result is a smooth scrolling experience, coupled with access to features in mobileSafari which were previously impossible on iPad like text selection. For previous iOS versions on iPad, the scrolling method will gracefully degrade.

♥ Android

Along with several styling and appearance improvements for Android devices, we’ve also added support for ontouchstart and ontouchend to Android. This speeds up interacting with the UI and makes for a more native experience.

The Whole Story

For a complete list of changes for 2.4 you can visit the support posting about the new release (you need to be logged in with a pro account), or view the change log in the read me accompanying the update.