Teaonher, an app designed for men to share photos and information about women they allegedly dated, exposed users’ personal information, including government identifiers and selfies, Techcrunch can confirm.
The app, launched on the Apple App Store earlier this week, is a response to another viral -theo tea, which allows women to post about the men they date. Tea is advertised as a female security app with more than six million users who are similar to ”Do we meet the same guy?“Facebook networks. However, the app is controversial, as many of the claims that women can be controlled after.
The reaction surrounding tea climbed last week, after 404 media reported 4chan users retained from Discovering a publicly displayed database belonging to the program that revealed More than 72,000 images, including thousands of selfies and photo IDs presented for controlling account. A subsequent hack exposed more than a million private messages sent through the app, prompting the application to Turn off its messaging.
Teaonher, who is now ranked number 2 among lifestyle programs in iOS, appears to be direct countering to the TE -App, even copying the language of the app store of tea in its own listing.
But as the app it was intended to emuli, Teaonher contains its own securities.
Techcrunch has found at least one security damage, which allows any access to data belonging to Teaonher app, including their usernames and related email addresses, as well as driver licenses and selfies, which users uploaded to Teaonher. Images of these driver licens are publicly accessible email addresses, allowing anyone with the links to access them with their browser.
In one case, Techcrunch saw a list of posts shared on Teaonher appealed with the email address, screen of each user, and a self-reported location.
Techcrunch retains some of the details of the errors not to help malicious actors access anyone’s data. The manufacturer of the app did not respond to Techcrunch emails asking who we can report the flaws. As such, Techcrunch publishes this report with limited details on the issue, considering the current popularity of the application and the risk faced by the use of the app.
Teaonher was uploaded to the iOS App Store by a developer named Newville Media Corporation. According to Linkedin, the founder and general manager of this company is Xavier Lampkin.
Techcrunch identified at least one Teaonher registered with Lampkin’s own data.
The Security Lapse is likely to affect any user who signed or shared identity documents with the app. The error also exhibits the number of users that the Teonher -app, which is about 53,000 users at the time of the publication.
Techcrunch also identified a possible second security problem, in which an email address and a simple password belonging to the creator of the app, Lampkin, was left displayed on the server. The credentials seem to grant access to the “administrator” of the app. Techcrunch did not use the credentials as to do so would be illegal, but emphasizes the risks unintentionally leaving managing credentials exposed to the network.
Along with its security flaws, the content portrayed within Teaonher is annoying in itself. While the app asks for identifiers and selfies from their users to check their identities – process not automatic – users can access a “guest” view of the app without logging in.
Immediately after opening a “guest” view, Techcrunch saw several pictures of the same naked woman, posted under different names in the form of spam. It is unclear whether this woman agrees to this photo shared. Other posts share the photos and names of women, along with comments calling them “easy”, or accusing them of spreading sexually transmitted infections.
Across all free programs, Teaonher is ranked #17, higher than programs like Instagram, Netflix, Uber and Spotify. Tea is currently ranked #2.
