TeaOnHer, an app designed for males to share images and details about ladies they’ve supposedly dated, has uncovered customers’ private data, together with authorities IDs and selfies, information.killnetswitch can verify.
The app, which launched on the Apple App Retailer earlier this week, is a response to a different viral app Tea that enables ladies to submit concerning the males they date. Tea is marketed as a ladies’s security app with greater than 6 million customers that’s just like “Are we courting the identical man?” Fb networks. Nevertheless, the app is controversial, since most of the claims that girls submit can’t be verified.
The backlash surrounding Tea escalated final week, after 404 Media reported 4chan customers retaliated by discovering a publicly uncovered database belonging to the app, which revealed over 72,000 photos, together with hundreds of selfies and photograph IDs submitted for account verification. A subsequent hack uncovered greater than 1 million non-public messages despatched over the app, prompting the app to disable its messaging characteristic.
TeaOnHer, which is now ranked No. 2 amongst Way of life apps on iOS, seems to be a direct rebuttal to the Tea app, even copying the language from Tea’s App Retailer description in its personal itemizing.
However just like the app it sought to emulate, TeaOnHer accommodates security flaws of its personal.
information.killnetswitch has discovered no less than one security flaw that enables anybody entry to information belonging to TeaOnHer app customers, together with their usernames and related e mail addresses, in addition to driver’s licenses and selfies that customers uploaded to TeaOnHer. Pictures of those driver’s licenses are publicly accessible net addresses, permitting anybody with the hyperlinks to entry them utilizing their net browser.
In a single case, information.killnetswitch noticed an inventory of posts shared on TeaOnHer appended with every person’s e mail handle, show title, and self-reported location.
information.killnetswitch is withholding among the particulars of the bugs in order to not assist malicious actors entry anybody’s information. The app’s maker didn’t reply to emails from information.killnetswitch asking who we are able to report the issues to. As such, information.killnetswitch is publishing this report with restricted particulars of the difficulty, given the app’s present reputation and the chance confronted with utilizing the app.
TeaOnHer was uploaded to the iOS App Retailer by a developer named Newville Media Company. In accordance with LinkedIn, the founder and CEO of this firm is Xavier Lampkin.
information.killnetswitch recognized no less than one TeaOnHer document related to Lampkin’s personal information.
The security lapse will doubtless have an effect on any person who signed up or shared identification paperwork with the app. The bug additionally exposes the variety of customers the TeaOnHer app has, which is about 53,000 customers on the time of publication.
information.killnetswitch additionally recognized a possible second security challenge, during which an e mail handle and plaintext password belonging to the app’s creator, Lampkin, was left uncovered on the server. The credentials seem to grant entry to the app’s “admin” panel. information.killnetswitch didn’t use the credentials, as doing so could be illegal, however highlights the dangers of inadvertently leaving admin credentials uncovered to the online.
Together with its security flaws, the content material portrayed inside TeaOnHer is troubling in itself. Whereas the app requests IDs and selfies from its customers to confirm their identities — a course of that isn’t computerized — customers can entry a “visitor” view of the app with out signing in.
Instantly upon opening “visitor” view, information.killnetswitch noticed a number of photos of the identical bare lady, posted underneath completely different names in a type of spam. It’s not clear if this lady consented to this photograph being shared. Different posts share the images and names of ladies, alongside feedback calling them “straightforward,” or accusing them of spreading sexually transmitted infections.
Throughout all free apps, TeaOnHer is ranked No. 17, increased than apps like Instagram, Netflix, Uber, and Spotify. Tea is at present ranked No. 2.
