Despite Disastrous Security, Tea App Still a Hit on the US App Store!

Tea is not a well-known name in many parts of the world, primarily because this iOS and Android app, designed to let women review men they’ve dated, is not available in Europe. However, it has gained significant attention in North America, and not for positive reasons. Beyond potential controversies related to its operational model, the primary issue has been its disastrous security practices, which completely disregard basic security norms as revealed by an investigation from 404 Media.

Initially, users from the online forum 4chan discovered a public database maintained by Tea’s developers, which included highly sensitive user information. This database housed photos, private messages, and even copies of official documents used for account creation, which were supposed to be deleted immediately afterward. Despite Tea’s developers confirming the security breach to 404Media and claiming the data was over two years old, this was proven false as the site retrieved private messages that were less than a week old.

The leaked private messages between Tea users contained a wealth of personal information, some of which could be potentially harmful given the current American political climate. Notably, several messages discussed abortions, which have become illegal in various states, potentially exposing women to legal action through these leaks. Although only user IDs were linked to conversations in the freely accessible database, 404Media noted that identifying the individuals was straightforward. Moreover, many messages included names, particularly of men reported by the users, further linking them to real-world identities.

With these significant security lapses, over 70,000 images and numerous supposedly private conversations were accessed. Considering Tea boasts 1.6 million active users, it’s likely that much more data remains on their servers. While it is possible that additional security measures have been implemented since, the risk of more extensive data breaches cannot be dismissed. Despite these issues, the service has not vanished from the spotlight; on the contrary, as noted by John Gruber, the app is still ranked third in the overall U.S. App Store rankings. I confirmed this was still the case at the time of writing.

The controversy has also inadvertently helped promote the service, as all publicity, even negative, tends to increase visibility. It’s conceivable that many people are curious about the app, leading to a natural increase in downloads. The blogger questions why Tea remains so prominent in the App Store rankings, noting its absence from Google Play. Android’s creator hasn’t removed the app, and it’s unlikely that iPhone’s will, as the issues seem to stem from incompetence rather than malice, until proven otherwise. However, Google’s store no longer features it prominently, and one must search by name to find it.

Why hasn’t Apple taken similar steps on the App Store? Keeping it high in the rankings essentially provides free advertising, and the Tea app certainly does not deserve such visibility at this time.