> I don't see where he gave permission for the app to post Tweets for him. He gave it access to his Twitter account, but that's not the same thing.
It is exactly the same thing. If you give something access to your twitter account, you are giving it the ability to post, and therefore, tacit permission to post.
Ability and permission are not often link like this in real life.
If I walk up and stand two feet infront of someone I have given them the ability to try to punch me in the face, I have not given them permission to do so.
If I utilize a computer repair service and I grant them remote access to a computer at their request I have likely given them the ability to run the equivalent to rm -rf /, but I have not given them permission to.
I can grant a friend access to my house by giving them a key that does not mean I give them the permission to do what ever they want in my house.
In the above three cases there are legal consequences for a party when overstepping their permissions.
You need to see what the permission means within the behavior of similar permissions, and that is written in application guidelines for iOS devices. Here's one way that this app violates the guidelines, hence does something unexpected with the permission:
"17. Privacy
17.1
Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used"
It is exactly the same thing. If you give something access to your twitter account, you are giving it the ability to post, and therefore, tacit permission to post.