Rising Concerns Over App Security and Data Privacy
Recent cyberattacks have exposed the sensitive personal data of thousands of users, raising serious concerns about the security of mobile applications. One such incident involved the Tea Dating Advice app, which was used by women to discuss and review men they date. The breach led to the exposure of private information, including photos, government IDs, and direct messages. A few days later, a California jury ruled that Meta had wrongfully collected data from users of the period-tracking app Flo.
These incidents are part of a growing trend of high-profile app hacks and leaks. According to the Identity Theft Resource Center, 1.7 billion people had their personal data compromised in 2024 alone. Among the recent targets were companies like genetic data provider 23andMe, Microsoft’s workplace software, and the Tea app, which positioned itself as a safety tool for women.
Legal Action and User Impact
In response to the breach, a California judge combined five class-action lawsuits from Tea users who accused the company of failing to protect their sensitive information. The plaintiffs included a single mother fleeing domestic violence and a woman who posted on Tea about an alleged rapist in her community. Following the hack, online communities used the leaked data to create maps of user locations and shared photos with misogynistic comments.
Despite these issues, both Tea and Flo continue to operate and remain available on major app stores. This highlights a recurring issue: consumers often hand over sensitive information to apps without fully understanding the risks or having recourse when things go wrong.
Ongoing Challenges in Data Protection
Online safety advocates have long warned that many apps collect excessive data and store it insecurely. Despite repeated breaches, little has changed, according to experts. The United States still lacks a comprehensive data privacy law, and tech companies, aided by AI-driven development, often prioritize speed over security.
Chester Wisniewski, a global director at cybersecurity firm Sophos, noted that it is common among software developers, especially start-ups, to lack the knowledge to securely store information. He emphasized the need for better security practices across the industry.
The Role of App Developers and Platforms
Tea gained popularity after trending videos on social media highlighted its controversial features, such as allowing women to rate and review men based on “red flags” and “green flags.” However, this also attracted attention from hackers, who accessed and shared users’ private information.
Since the breach, Tea has continued to promote itself on social media, but it has taken steps to address the issue, including removing its direct message system. However, cybersecurity experts argue that the app’s setup reflects a lack of adequate security measures, putting users at risk from the outset.
Dave Meister, a global head at Check Point Software, pointed out that many start-up apps focus on the front-end experience while neglecting back-end security. In Tea’s case, an exposed database allowed hackers to access sensitive information easily.
Regulatory and Industry Responses
Apple, which hosts the Tea app, requires developers to implement appropriate security measures. However, the company typically gives developers time to fix issues before taking action. Apple did not comment specifically on the Tea app, but its guidelines emphasize protecting user data.
Regulators are increasingly stepping in to hold companies accountable. Last week’s ruling against Meta in the Flo app case followed previous accusations of misleading users about how health data is handled. While regulatory efforts are improving, experts warn that the rise of AI-driven development, such as “vibe coding,” could lead to even more unsafe apps in the future.
Risks to Vulnerable Groups
Unsafe apps pose a significant risk to women and other vulnerable groups, according to Michael Pattullo, senior threat intelligence manager at Moonshot. His company has recorded numerous violent threats against women online, with data breaches fueling this dangerous ecosystem. Leaked personal information can put users at risk of physical harm.
Social media platforms also face criticism for not doing enough to prevent the spread of leaked information. Moonshot reported that mainstream sites took down only 28% of flagged posts in 2024, with the rate dropping to 6% so far this year.
The Need for Accountability
Without stronger protections from tech companies, social platforms, and app stores, the burden falls on individuals to protect their data. Pattullo emphasized that users should not be expected to take responsibility for security failures. Instead, accountability must rest with the companies that collect and mishandle sensitive information.
