Overview

• Security researchers exploited easy-to-find backend flaws to retrieve driver’s license photos, selfies, email addresses and private messages from TeaOnHer within ten minutes of its App Store link, TechCrunch reports.
• TeaOnHer climbed to the number two spot on the U.S. iPhone App Store before developers patched the vulnerability earlier this month.
• Unlike the high-profile Tea breaches that led to suspended messaging features, FBI inquiries and class-action suits, TeaOnHer’s operator has remained silent and has not notified users.
• The app’s App Store privacy label falsely claimed no data collection despite mandating government ID uploads, exposing gaps in Apple’s review process.
• Renewed scrutiny of both Tea and TeaOnHer underscores broader concerns over the security and oversight of identity-verification services.