Ask HN: Why is "Tea" still on the App Store after so many data breaches?
94benguild677/30/2025, 11:47:02 AM
Furthermore, it’s being promoted in the “Top Charts” while the “App Privacy” card says they only collect email addresses.
Comments (67)
tebbers · 1d ago
Because Apple carefully vets all apps and that's why it must be allowed to maintain its App Store monopoly!
vdfs · 22h ago
To be fair the app itself wasn't compromised, heck even the server wasn't breached, it was just a database open for everyone!
nickthegreek · 22h ago
Thats true of the first hack, the photos. But I dont believe that is true for the 2nd, the messages.
general1726 · 19h ago
Everything works as it has been designed. I wonder which companies will start using this excuse after being hacked.
znpy · 19h ago
> it was just a database open for everyone!
All good then!
neilv · 1d ago
Related: Tea app leak worsens with second database exposing user chats (bleepingcomputer.com) | 120 points by akyuu 1 day ago | 145 comments | https://news.ycombinator.com/item?id=44716529
jonplackett · 23h ago
> “A legacy data storage system was compromised”
I am always amused by corporate jargon used to cover up ineptitude.
In this case legacy data storage system = publicly accessible bucket
TheNewsIsHere · 1h ago
It is amazing how quickly anything relatively modern gets designated “legacy” when the business needs to blame it for their mistakes and/or incompetence.
rich_sasha · 23h ago
It's like when B737 Max crashed and Boeing blamed a "software glitch". It's about dressing the failure up as something that could randomly happen to anyone.
gadders · 23h ago
There was also a website posted on 4chan where you could rate member's photos against each other in terms of attractiveness.
flanked-evergl · 23h ago
The app provides doxxing as a service, not sure why Apple would start worrying about data breaches for such an App.
istumbler · 8h ago
I wonder if they will approve my new apps: “Ezzy” and “Cray” where people can rate dates for how easy it was to get them into bed and how crazy they were during and/or after.
flanked-evergl · 1h ago
I'm somewhat opposed to the idea of having a walled garden App Store as Apple does, which is why I don't use Apple.
But Apple insists they do have a walled garden, and people buy Apple with that expectation, so I certainly hope and expect that Apple doesn't approve apps like these. Any app that does doxxing as a service should not be on Apple's app store IMO.
anonzzzies · 1d ago
I see many breaches and people still use the products. Even tech stuff: people knowingly using tech/dev products of people who are either sloppy, plain incompetent or both. I don't get it but here we are.
TradingPlaces · 1d ago
In the 80s and 90s I was positive that customers would revolt over the constant security issues and generally poor quality of Microsoft software. I don’t need to tell you that it did not happen.
anonzzzies · 1d ago
True. Well, we as a company left them (in the 90s). Thats 500 people. So nothing. Still happy we did.
red-iron-pine · 23h ago
hard to revolt against a monopoly. the only alternative is expensive Apple gear, or (for most of the 90s-2000s) learning a deep set of skills to use the nascent linux desktop options.
amarcheschi · 1d ago
We didn't revolt when tobacco companies screwed generations of people, and this is just an example of the many screwing happened in the past from big companies, I'm not positive on the fact people will revolt for privacy breaches such this one
runjake · 21h ago
I don't know, but I don't want Apple exercising even more draconian control over what apps I have on my Apple devices.
If I want to use an app with a horrendous security track record, I should be able to. See also: the plethora of other popular apps with horrendous security track records.
So, be careful what you ask for.
testfrequency · 1d ago
Privacy is a fundamental human right.*
*Unless your app has an IAP and is wildly popular, then we don’t mind
cyanydeez · 1d ago
Privacy is a fundamental capitalist product.
Theres something that changes in the brain when it learns that everything can be translated to cash value.
Simulacra · 1d ago
It's possible, although I have zero proof, that some of the people responsible for removing apps from the App Store, agree with it. The moderation has always been bull crap and recourse is little if any.
cmxch · 23h ago
Doxxing as a service is OK for Google/Apple if you market it as safety for their favored audiences against disfavored audiences.
No comments yet
hazmazlaz · 22h ago
The same reason that Microsoft products are still in the App Store after so many breaches. Because having a security breach is not part of the App Store equation.
anonymousiam · 23h ago
Couldn't one ask the same question about Facebook?
isodev · 1d ago
Because Apple's stance on protecting users only covers cases supporting the App Store walled garden or such that make you buy a new phone. If anything, it's good to keep it on the store - so many people are searching for it, seeing and clicking ads.
znpy · 1d ago
Rules are made up, and only apply to regular people.
No comments yet
amarcheschi · 1d ago
Just a fyi, but it is not available in eu
jaennaet · 20h ago
Was it available at some point?
rester324 · 1d ago
Because there is no punishment for handling data with so much carelesness. If there was a law which seriously punished them, the app would be long gone. That's what you get when the tech bros dictate how the legislation should work
flanked-evergl · 23h ago
Tech Bros don't dictate how legislation should work. And Tea is not in Europe because under GDPR an app which does doxxing as a service is not legal.
risyachka · 1d ago
Tbh this is possible only in software. No matter what you do - epic incompetence, leak user data, doxx users, basically allow their identities to be stolen etc - zero consequences.
Kinda crazy. In any other industry they would not even allow you in the door without showing some king of understanding what you do.
You can't even sell hotdogs without food license. But in software - wild west.
cjs_ac · 1d ago
The general public has come to accept that computers are magic. Sometimes the magic does good things, sometimes it does bad things. If there's a person with a public profile who is seen to be controlling the computers, governments might do something to punish that person, but if they remain invisible, no one dares tamper with the magic.
thefz · 20h ago
Well, finance and banking can do even worse and be bailed out with public money.
nomilk · 1d ago
Not quite true, see Banking.
0_____0 · 23h ago
Or medical devices. Or aviation/spaceflight. Or automotive.
It turns out there's actually quite a bit of precedent for doing actual Software Engineering, versus what most of the software world seem to be doing (presumably rotating a database by 90 degrees, duct taping it to another database, and sticking a front-end on it?)
colesantiago · 1d ago
As long as Apple collects their cut of popular apps through in app purchases,
They don't care, and nobody cares.
But they should.
Tea will just update the app / force update the app to fix these issues.
cmxch · 23h ago
They did care enough to repeatedly pull apps when they did the same thing but in the opposite direction.
msgodel · 1d ago
They didn't even instrument the apps during review for the longest time. I think they recently started using an HTTP proxy to watch the connections they make.
People put way more trust in the review process and app store gate keeping than it deserves.
worthless-trash · 1d ago
Thr irony that i had apps rejected for asking for personal information only stored in the app.
But having drivers license stolen is fine.
buyucu · 23h ago
because Apple doesn't care.
camillomiller · 1d ago
As a man who's always considered himself a strong feminist, I think that tea's issue are way more profound that just some data breach.
Women were convinced to trust the app as a safe space, but it never was for various reasons. First, as proven by the breach, privacy was not guaranteed.
Second, I do not see how a women-only app made to complain on men can help any men get better in their behavior, instead of balcanizing society even more, creating camps and hatred. This is not safe in itself. It won't further women's condition in their relationship with men. It alienates men even more, gives arguments to the Jordan Peterson-style toxic masculinity influencers, and inevitably fosters toxic behavior in women too.
liveoneggs · 23h ago
It's an app capitalizing on fear and sexism.
I appreciate that you managed to reenforce and give weight to those same fears and sexist talking points, though. I guess there is a market for both.
thinkingtoilet · 1d ago
The app wasn't made for men to get better. It wasn't made for men at all, believe it or not. It was made, very poorly, for women to protect themselves because women face realities men do not.
general1726 · 19h ago
And yet it turned into girl's version of Kiwi farms.
rester324 · 23h ago
I don't think that Jordan Peterson is toxic. Although I haven't watched any of his videos for years now, so that might have changed. What makes him toxic in your opinion?
On the other hand I believe what you wrote can be summarized as toxic feminism.
oc1 · 1d ago
Tea is too big too fail, that's why Apple doesn't pull the plug otherwise they would anger a good portion of their angry female user base.
unlogic · 23h ago
And that angry user base will do what, exactly? Switch to Android? One can dream.
All good then!
I am always amused by corporate jargon used to cover up ineptitude.
In this case legacy data storage system = publicly accessible bucket
But Apple insists they do have a walled garden, and people buy Apple with that expectation, so I certainly hope and expect that Apple doesn't approve apps like these. Any app that does doxxing as a service should not be on Apple's app store IMO.
If I want to use an app with a horrendous security track record, I should be able to. See also: the plethora of other popular apps with horrendous security track records.
So, be careful what you ask for.
*Unless your app has an IAP and is wildly popular, then we don’t mind
Theres something that changes in the brain when it learns that everything can be translated to cash value.
No comments yet
No comments yet
Kinda crazy. In any other industry they would not even allow you in the door without showing some king of understanding what you do.
You can't even sell hotdogs without food license. But in software - wild west.
It turns out there's actually quite a bit of precedent for doing actual Software Engineering, versus what most of the software world seem to be doing (presumably rotating a database by 90 degrees, duct taping it to another database, and sticking a front-end on it?)
They don't care, and nobody cares.
But they should.
Tea will just update the app / force update the app to fix these issues.
People put way more trust in the review process and app store gate keeping than it deserves.
But having drivers license stolen is fine.
Women were convinced to trust the app as a safe space, but it never was for various reasons. First, as proven by the breach, privacy was not guaranteed. Second, I do not see how a women-only app made to complain on men can help any men get better in their behavior, instead of balcanizing society even more, creating camps and hatred. This is not safe in itself. It won't further women's condition in their relationship with men. It alienates men even more, gives arguments to the Jordan Peterson-style toxic masculinity influencers, and inevitably fosters toxic behavior in women too.
I appreciate that you managed to reenforce and give weight to those same fears and sexist talking points, though. I guess there is a market for both.
On the other hand I believe what you wrote can be summarized as toxic feminism.