TeaOnHer, an app designed for males to share pictures and details about girls they’ve supposedly dated, has uncovered customers’ private data, together with authorities IDs and selfies, TechCrunch can affirm.
The app, which launched on the Apple App Retailer earlier this week, is a response to a different viral app Tea that enables girls to publish in regards to the males they date. Tea is marketed as a girls’s security app with greater than 6 million customers that’s just like “Are we dating the same guy?” Fb networks. Nonetheless, the app is controversial, since lots of the claims that girls publish can’t be verified.
The backlash surrounding Tea escalated final week, after 404 Media reported 4chan customers retaliated by discovering a publicly exposed database belonging to the app, which revealed over 72,000 photos, together with hundreds of selfies and picture IDs submitted for account verification. A subsequent hack uncovered greater than 1 million non-public messages despatched over the app, prompting the app to disable its messaging function.
TeaOnHer, which is now ranked No. 2 amongst Life-style apps on iOS, seems to be a direct rebuttal to the Tea app, even copying the language from Tea’s App Retailer description in its personal itemizing.
However just like the app it sought to emulate, TeaOnHer comprises safety flaws of its personal.
TechCrunch has discovered at the least one safety flaw that enables anybody entry to information belonging to TeaOnHer app customers, together with their usernames and related e-mail addresses, in addition to driver’s licenses and selfies that customers uploaded to TeaOnHer. Pictures of those driver’s licenses are publicly accessible internet addresses, permitting anybody with the hyperlinks to entry them utilizing their internet browser.
In a single case, TechCrunch noticed a listing of posts shared on TeaOnHer appended with every consumer’s e-mail tackle, show title, and self-reported location.
TechCrunch is withholding among the particulars of the bugs in order to not assist malicious actors entry anybody’s information. The app’s maker didn’t reply to emails from TechCrunch asking who we are able to report the failings to. As such, TechCrunch is publishing this report with restricted particulars of the difficulty, given the app’s present reputation and the danger confronted with utilizing the app.
TeaOnHer was uploaded to the iOS App Retailer by a developer named Newville Media Company. In accordance with LinkedIn, the founder and CEO of this firm is Xavier Lampkin.
TechCrunch recognized at the least one TeaOnHer document related to Lampkin’s personal information.
The safety lapse will seemingly have an effect on any consumer who signed up or shared id paperwork with the app. The bug additionally exposes the variety of customers the TeaOnHer app has, which is about 53,000 customers on the time of publication.
TechCrunch additionally recognized a possible second safety subject, wherein an e-mail tackle and plaintext password belonging to the app’s creator, Lampkin, was left uncovered on the server. The credentials seem to grant entry to the app’s “admin” panel. TechCrunch didn’t use the credentials, as doing so can be illegal, however highlights the dangers of inadvertently leaving admin credentials uncovered to the net.
Together with its safety flaws, the content material portrayed inside TeaOnHer is troubling in itself. Whereas the app requests IDs and selfies from its customers to confirm their identities — a course of that’s not computerized — customers can entry a “visitor” view of the app with out signing in.
Instantly upon opening “visitor” view, TechCrunch noticed a number of photos of the identical bare girl, posted beneath totally different names in a type of spam. It’s not clear if this girl consented to this picture being shared. Different posts share the pictures and names of girls, alongside feedback calling them “straightforward,” or accusing them of spreading sexually transmitted infections.
Throughout all free apps, TeaOnHer is ranked No. 17, increased than apps like Instagram, Netflix, Uber, and Spotify. Tea is at present ranked No. 2.