A Different Tea-Themed App Was Also Leaking Private User Data with Basically No Security Checks ⇥ techcrunch.com
Sydney Bradley, Business Insider, last week:
The viral Tea app, which lets women post anonymously about men, has a new rival: TeaOnHer. In a gender flip, the new app is for men.
TeaOnHer is largely a copy of the original, but for men instead of women. Its description in Apple’s App Store is nearly identical to that of the other Tea app, which is officially called Tea Dating Advice.
Zack Whittaker, TechCrunch:
TeaOnHer was designed for men to share photos and information about women they claim to have been dating. But much like Tea, the dating-gossip app for women it was trying to replicate, TeaOnHer had gaping holes in its security that exposed its users’ personal information, including photos of their driver’s licenses and other government-issued identity documents, as TechCrunch reported last week.
[…]
The flaws we found appear to be resolved. TechCrunch can now share how we were able to find users’ driver’s licenses within 10 minutes of being sent a link to the app in the App Store, thanks to easy-to-find flaws in the app’s public-facing backend system, or API.
As of writing, TeaOnHer is the second most popular free app in the U.S. iOS App Store, and Tea is third.
Unlike data exposed by Tea, which was spread all over the web, I cannot find any reports of data from TeaOnHer being reposted more widely. That is probably because it is a new app. But it is also, surely, a reflection of the gender makeup of each app, and who is more likely to be targeted.