[gfavvas]

It's definitely unethical, and also against Twitter's TOS (https://dev.twitter.com/terms/api-terms) which state:

II) 1) B) Get users' permission before: - sending Tweets or other messages on their behalf. A user authenticating through your application does not constitute consent to send a message.

I'd disable their access to your account and report the app to Twitter: http://support.twitter.com/groups/33-report-a-violation

[eslachance]

Ah, I should have looked there. Didn't know where to find the TOS for apps using Twitter.

I will definitely report them for this. Thanks for the link!