this post was submitted on 25 Jul 2025
568 points (97.8% liked)

Technology

73254 readers
3767 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
568
Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan (www.404media.co)
submitted 1 day ago by bytesonbike@discuss.online to c/technology@lemmy.world
208 comments fedilink hide all child comments
 

Users from 4chan claim to have discovered an exposed database hosted on Google’s mobile app development platform, Firebase, belonging to the newly popular women’s dating safety app Tea. Users say they are rifling through peoples’ personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media.

you are viewing a single comment's thread
view the rest of the comments
[–] thymos@discuss.tchncs.de 6 points 1 day ago (1 children)

This is something I worry about all the time as well, especially since I've started to learn how to code and experienced how easy it is to mess up and send a list with all registered users to everyone opening a page. (This was in a test environment.)

As a user, there is no proper way I know of to verify an app's security. Most apps are closed source, but even if you could view the code, what would you look for?

Both Apple and Google have a verification process for apps that are published in their app stores, but if these worked, we wouldn't see this happening.

There are academic researchers working on apps and privacy as well, but it's not like you can ask them for a report on an app you're thinking of installing.

I think it basically comes down to trust. Check if a developer has messed up in the past and how they dealt with that, that sort of stuff. And for dating apps there is this interesting article: https://www.privacyguides.org/articles/2025/06/24/queer-dating-apps-beware-who-you-trust/#reducing-the-risks-when-using-dating-apps

It's a long read (haven't fully read it myself yet) and it paints a bleak picture, but that's the world we live in today.

[–] troglodyke@lemmy.federate.cc 2 points 4 hours ago (1 children)

You can pay for a 3rd party to penetration test your app, it's good practice to do this before you launch an app, after any significant changes, and annually at a minimum.

There are also a growing number of companies offering continuous penetration testing - basically, automated pen tests - but these are expensive and it's difficult to convince companies that the cost is worth it

[–] thymos@discuss.tchncs.de 1 points 2 hours ago

Thanks, that's good to know! If I do ever decide to release an app, I'll definitely look into this.