A Rival Tea App For Men Is Leaking Its Users’ Personal Data And Driver’s Licenses

TeaOnHer, an app designed for men to stock photos and accusation astir women they person supposedly dated, has exposed users’ individual information, including authorities IDs and selfies, TechCrunch tin confirm.

The app, which launched connected nan Apple App Store earlier this week, is simply a consequence to different viral app Tea that allows women to station astir nan men they date. Tea is advertised arsenic a women’s information app pinch much than six cardinal users that is akin to “Are we making love nan aforesaid guy?” Facebook networks. However, nan app is controversial, since galore of nan claims that women station cannot beryllium verified.

The backlash surrounding Tea escalated past week, aft 404 Media reported 4chan users retaliated by discovering a publically exposed database belonging to nan app, which revealed complete 72,000 images, including thousands of selfies and photograph IDs submitted for relationship verification. A subsequent hack exposed much than 1 cardinal backstage messages sent complete nan app, prompting nan app to disable its messaging feature.

TeaOnHer, which is now classed #2 among Lifestyle apps connected iOS, appears to beryllium a nonstop rebuttal to nan Tea app, moreover copying nan connection from Tea’s App Store explanation successful its ain listing. 

But for illustration nan app it sought to emulate, TeaOnHer contains information flaws of its own.

TechCrunch has recovered astatine slightest 1 information flaw that allows anyone entree to information belonging to TeaOnHer app users, including their usernames and associated email addresses, arsenic good arsenic driver’s licenses and selfies that users uploaded to TeaOnHer. Images of these driver’s licenses are publically accessible web addresses, allowing anyone pinch nan links to entree them utilizing their web browser.

In 1 case, TechCrunch saw a database of posts shared connected TeaOnHer appended pinch each user’s email address, show name, and self-reported location.

TechCrunch is withholding immoderate of nan specifications of nan bugs truthful arsenic to not thief malicious actors entree anyone’s data. The app’s shaper did not respond to emails from TechCrunch asking who we tin study nan flaws to. As such, TechCrunch is publishing this study pinch constricted specifications of nan issue, fixed nan app’s existent fame and nan consequence faced pinch utilizing nan app.

TeaOnHer was uploaded to nan iOS App Store by a developer named Newville Media Corporation. According to LinkedIn, nan laminitis and CEO of this institution is Xavier Lampkin. 

TechCrunch identified astatine slightest 1 TeaOnHer grounds associated pinch Lampkin’s ain data.

The information lapse will apt impact immoderate personification who signed up aliases shared personality documents pinch nan app. The bug besides exposes nan number of users nan TeaOnHer app has, which is astir 53,000 users astatine nan clip of publication.

TechCrunch besides identified a imaginable 2nd information issue, successful which an email reside and plaintext password belonging to nan app’s creator, Lampkin, was near exposed connected nan server. The credentials look to assistance entree to nan app’s “admin” panel. TechCrunch did not usage nan credentials arsenic doing truthful would beryllium unlawful, but highlights nan risks of inadvertently leaving admin credentials exposed to nan web.

Along pinch its information flaws, nan contented portrayed wrong TeaOnHer is troubling successful itself. While nan app requests IDs and selfies from its users to verify their identities — a process that is not automatic — users tin entree a “guest” position of nan app without signing in. 

Immediately upon opening “guest” view, TechCrunch saw respective images of nan aforesaid naked woman, posted nether different names successful a shape of spam. It is not clear if this female consented to this photograph being shared. Other posts stock nan photos and names of women, alongside comments calling them “easy,” aliases accusing them of spreading sexually transmitted infections.

Across each free apps, TeaOnHer is classed #17, higher than apps for illustration Instagram, Netflix, Uber, and Spotify. Tea is presently classed #2.