Twitter has just announced that it will be drilling down on the third party app permissions, and will be taking away automatic OAuth access to Direct Messages for apps that need it. As of today Twitter clients that need access your direct messages will ask you for permission to access them. Apps that no longer need access will no longer have access.
In addition to the new DM permission level, the app permissions screen (above) will now give you more details as to what the app is allowed to do with your account.
From the Twitter developer forum:
“In particular, users and developers have requested greater granularity for permission levels.
In response to this feedback, we have created a new permission level for applications called “Read, Write & Direct Messages”. This permission will allow an application to read or delete a user’s direct messages. When we enforce this permission, applications without a “Read, Write & Direct Messages” token will be unable to read or delete direct messages. To ensure users know that an application is receiving access to their direct messages, we are also restricting this permission to the OAuth /authorize web flow only. This means applications which use xAuth and want to access direct messages must send a user through the full OAuth flow.”
Article courtesy of TechCrunch