TeaOnHer, an app designed for men to share photos and information about women they have supposedly dated, has exposed users’ personal information, including government IDs and selfies, according to TechCrunch.
The app launched on the Apple App Store earlier this week as a response to Tea, another viral app that allows women to post about the men they date. Tea is marketed as a women’s safety app with over 6 million users, similar to “Are We Dating the Same Guy?” Facebook groups. However, Tea has faced controversy due to unverifiable claims posted by users.
The backlash against Tea intensified last week after 404 Media reported that 4chan users retaliated by uncovering a publicly exposed database linked to the app. The breach revealed over 72,000 images, including selfies and photo IDs submitted for account verification. A subsequent hack exposed more than 1 million private messages sent through the app, leading Tea to disable its messaging feature.
TeaOnHer, now ranked No. 2 among Lifestyle apps on iOS, appears to be a direct rebuttal to Tea, even mimicking its App Store description. However, like its counterpart, TeaOnHer suffers from security flaws.
TechCrunch discovered at least one vulnerability allowing unrestricted access to user data, including usernames, email addresses, driver’s licenses, and selfies. These images are stored on publicly accessible web addresses, meaning anyone with the links can view them. In one instance, TechCrunch found posts on TeaOnHer accompanied by users’ email addresses, display names, and self-reported locations.
To prevent misuse, TechCrunch is withholding specific details about the flaws. The app’s developer, Newville Media Corporation, did not respond to requests for comment. The company’s founder and CEO, Xavier Lampkin, was identified in at least one TeaOnHer record.
The security lapse affects all users who signed up or shared identity documents with the app. At the time of publication, TeaOnHer had approximately 53,000 users.
TechCrunch also identified a potential second security issue: an exposed email address and plaintext password belonging to Lampkin, which appeared to grant access to the app’s admin panel. While TechCrunch did not use these credentials, their exposure highlights significant security risks.
Beyond its technical flaws, TeaOnHer’s content is concerning. While the app requires IDs and selfies for verification—a non-automatic process—users can access a “guest” view without signing in. Upon opening this view, TechCrunch encountered multiple images of the same naked woman posted under different names, likely spam. It is unclear whether the woman consented to these posts. Other posts featured women’s photos and names alongside derogatory comments.
Despite these issues, TeaOnHer ranks No. 17 among all free apps, surpassing Instagram, Netflix, Uber, and Spotify. Meanwhile, Tea holds the No. 2 spot.