Teaonher, an application designed for men sharing photos and information about women who are supposed to date, has exhibited users’ personal information, including government identifiers and selfies, TechCrunch can confirm.
The app, which started at the Apple App Store earlier this week, is an answer to another viral application tea that allows women to publish about dating men. Tea is advertised as a women’s safety application with more than six million users that are similar to “Do we treat the same guy?“Facebook networks, however, the application is controversial, as many of the claims that women publish cannot be verified.
The reaction around tea escalated last week after 404 media reported that 4chan users opposed Discovering a publicly exposed database It belonged to the application, which revealed more than 72,000 images, including thousands of selfies and photo identifiers submitted for an account verification. A consequent hack More than a million private messages sent above the application were exposed, prompting the application to turn off the messaging feature.
Teaeonher, which now ranks #2 between Lifestyle applications on iOS, seems to be an immediate objection to tea application, even copying the tongue from the description of the Tea App Store on its own list.
But as well as the application he tried to imitate, Teaonher contains his own security imperfections.
TechCrunch has found at least one security defect that allows any access to data belonging to Teaonher applications, including user names and relevant email addresses, as well as the licenses and selfishness of the driver transformed by users to Teaenher. The images of these driving licenses are accessible to public web addresses, allowing anyone with the links to access them using their web browser.
In one case, TechCrunch saw a list of posts shared at Teaeonher attached to each user’s e -mail address, display name and self -reported location.
TechCrunch withholds some of the details of the errors, so as not to help malicious actors have access to each person’s data. The app manufacturer did not respond to TechCrunch emails by asking who we can mention the defects. Therefore, TechCrunch publishes this report with limited details on the issue, given the current popularity of application and the risk of using the application.
Teaeonher was uploaded to the iOS app by a developer called Newville Media Corporation. According to LinkedIn, the founder and chief executive of this company is Xavier Lampkin.
TechCrunch recognized at least one teaonher record related to Lampkin data.
Security will probably affect any user who has registered or shared identity documents with the application. The error also exposes the number of users of the Teaeonher application, which is about 53,000 users at the time of the publication.
TechCrunch also acknowledged a possible second security issue, in which an e -mail code and PlainText password owned by the creator of the application, Lampkin, was exposed to the server. The credentials appear to provide access to the application “Administrator” of the application. TechCrunch did not use the credentials, as this would be illegal, but underlines the dangers of unintentionally letting the credentials exposed to the web.
Along with its safety defects, the content depicted in Teaeonher is annoying on its own. While the app seeks identifiers and selfish from its users to verify their identity – a process that is not automatic – users can access a visitor visitor of the application without connecting.
Immediately after the opening of the “guest” projection, TechCrunch saw several images of the same naked woman, published with different names in a form of unwanted mail. It is not clear if this woman has agreed with this photo shared. Other positions share the photos and names of women, along with comments that call them “easy”, or accusing them of spreading sexually transmitted infections.
In all free applications, Teaonher ranks #17, higher than applications such as Instagram, Netflix, Uber and Spotify. Tea is currently ranked #2.
