TeaOnHer, an app designed for men to share photos and information about women they’ve supposedly dated, has exposed users’ personal information, including government IDs and selfies, TechCrunch can confirm.
The app, which launched on the Apple App Store earlier this week, is a response to another viral app, Tea, that allows women to post about the men they date. Tea is marketed as a women’s safety app with more than 6 million users that’s similar to “Are we dating the same guy?” Facebook groups. However, the app is controversial, since many of the claims that women post can’t be verified.
The backlash surrounding Tea escalated last week, after 404 Media reported 4chan users retaliated by finding a publicly exposed database belonging to the app, which revealed over 72,000 images, including thousands of selfies and photo IDs submitted for account verification. A subsequent hack exposed more than 1 million private messages sent over the app, prompting the app to disable its messaging feature.
TeaOnHer, which is now ranked No. 2 among Lifestyle apps on iOS, appears to be a direct rebuttal to the Tea app, even copying the language from Tea’s App Store description in its own listing.
But like the app it sought to emulate, TeaOnHer contains security flaws of its own.
TechCrunch has found at least one security flaw that allows anyone access to data belonging to TeaOnHer app users, including their usernames and associated email addresses, as well as driver’s licenses and selfies that users uploaded to TeaOnHer. Images of these driver’s licenses are served from publicly accessible web addresses, allowing anyone with the links to access them using their web browser.
In one case, TechCrunch saw a list of posts shared on TeaOnHer appended with each user’s email address, display name, and self-reported location.
TechCrunch is withholding some of the details of the bugs so as not to help malicious actors access anyone’s data. The app’s maker did not respond to emails from TechCrunch asking who we can report the flaws to. As such, TechCrunch is publishing this report with limited details of the issue, given the app’s current popularity and the risk users face in using the app.
TeaOnHer was uploaded to the iOS App Store by a developer named Newville Media Company. According to LinkedIn, the founder and CEO of this company is Xavier Lampkin.
TechCrunch identified at least one TeaOnHer record associated with Lampkin’s own data.
The security lapse will likely affect any user who signed up or shared identification documents with the app. The bug also exposes the number of users the TeaOnHer app has, which is about 53,000 users at the time of publication.
TechCrunch also identified a potential second security issue, in which an email address and plaintext password belonging to the app’s creator, Lampkin, were left exposed on the server. The credentials appear to grant access to the app’s “admin” panel. TechCrunch did not use the credentials, as doing so would be unlawful, but highlights the risks of inadvertently leaving admin credentials exposed to the web.
Along with its security flaws, the content portrayed within TeaOnHer is troubling in itself. While the app requests IDs and selfies from its users to verify their identities (a process that isn’t automated), users can access a “visitor” view of the app without signing in.
Immediately upon opening “visitor” view, TechCrunch saw multiple images of the same naked woman, posted under different names in a form of spam. It’s not clear if this woman consented to this photo being shared. Other posts share the photos and names of women, alongside comments calling them “simple,” or accusing them of spreading sexually transmitted infections.
Across all free apps, TeaOnHer is ranked No. 17, higher than apps like Instagram, Netflix, Uber, and Spotify. Tea is currently ranked No. 2.