Tea and the App Store
John Gruber (Mastodon, Hacker News):
I might be forgetting or unaware of previous similar situations, but I can’t recall anything like this before, where an app riddled with outrageous security/privacy vulnerabilities remains virally popular. A Hacker News thread from earlier today debates why the app is even still available on the App Store.
So is it Apple’s place to yank the app? It feels wrong to me that Apple should completely remove Tea from the App Store, but it’s also true that one of Apple’s fundamental pitches for the App Store — and the App Store’s exclusivity for app distribution in most of the world — is that iOS users can trust any and all apps in the App Store because they’re vetted by Apple. But here’s Tea, sitting at #3, providing a service that many woman want, and the entire thing is shockingly untrustworthy. (I fully expect more vulnerabilities to be found and exploited.)
[…]
I strongly suspect that while Google hasn’t removed Tea from the Play Store, that they’ve delisted it from discovery other than by searching for it by name or following a direct link to its listing. That both jibes with what I’m seeing on the Play Store top lists, and strikes me as a thoughtful balance between the responsibilities of an app store provider.
Apple’s guidelines:
Protecting user privacy is paramount in the Apple ecosystem, and you should use care when handling personal data to ensure you’ve complied with privacy best practices, applicable laws, and the terms of the Apple Developer Program License Agreement, not to mention customer expectations.
[…]
All apps must include a link to their privacy policy in the App Store Connect metadata field and within the app in an easily accessible manner.
[…]
Explain its data retention/deletion policies and describe how a user can revoke consent and/or request deletion of the user’s data.
We retain personal information we collect from You where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements). When we have no ongoing legitimate business need to process personal information, we will either delete or anonymize it or, if this is not possible (for example, because personal information has been stored in backup archives), then we will securely store personal information and isolate it from any further processing until deletion is possible.
Tea:
Your data privacy is of the utmost importance to us. We are taking all necessary measures to strengthen our security posture and ensure that no further data is exposed.
[…]
This data was originally archived in compliance with law enforcement requirements related to cyber-bullying prevention. At this time, we have no evidence to suggest that photos can be linked to specific users within the app.
This last sentence turned out to be false.
Previously:
Update (2025-08-04): Sören:
I mean, hang on. We do have those privacy nutrition labels on the App Store, and here’s what Tea claims[…]
That’s it. They claim they collect your e-mail address, for tracking and ID-linking purposes.
Evidently, that’s untrue especially for those unlucky enough to submit photos of their driving licenses and believing in good faith that Tea would delete them. Not only were they collected; they were (of obvious reasons) linked to the accounts, which in turn meant that people could easily create a map of users. Location data! (Not to mention, of course, real names, ages, …)
It seems like the main benefit of Privacy Nutrition Labels is as a checklist to help good developers be more thoughtful about which information they really need to collect. That’s fine, but I’m not sure it moves the needle much. Then you have incompetent and unscrupulous developers who submit false labels, which Apple couldn’t really verify even if it wanted it, so they basically launder Apple’s reputation to lull customers into a false sense of security. What’s the argument that the net effect of the labels is positive? That the bad actors were going to be bad anyway and people don’t read/trust the labels and so aren’t swayed by them?
Previously:
Update (2025-10-22): Joseph Cox:
“This app is currently not available in your country or region,” a message on the Apple App Store currently says when trying to visit a link to the app.
Apple told 404 Media in an email it removed the app, as well as a copycat called TeaOnHer, for failing to meet the company’s terms of use around content moderation and user privacy. Apple also said it received an excessive number of complaints, including ones about the personal data of minors being posted in the apps.
Update (2025-10-23): John Gruber (Mastodon):
Seems odd to me that Apple only pulled Tea from the App Store now, three months after multiple disastrous security breaches revealed their amateur hour approach to security.
Apps for sharing personal information about people which also happen to have loose security practices seem like exactly the sort of apps that Apple claims the App Store protects against.
Because Tea didn’t show a link to pay on the web instead of in-app. Wasn’t an emulator. Didn’t use volume controls to control volume. Didn’t “duplicate Apple functionality”. Didn’t hurt the ego of one wannabe dictator or another.
You know, it didn’t do any of the things that Apple actually truly deeply cares about.
It was not a serious issue… such as bypassing Apple’s 30% revenue cut.
5 Comments RSS · Twitter · Mastodon
Ah, but the last line did *not* turn out to be false! “At that time” they had “no evidence”!
Every angle is bad for Apple and the platform:
- Makes Apple complicit in steering users into another honeypot. Top Lists are more impactful than a one-time recommend.
- Flip side: Let's say Apple removed it from the Top Lists + discovery. How would Apple know its backend is secured? When would they allow it to be re-listed or re-trend?
- None of the (especially recently) dumb ways they've crippled their OSes in the name of security helped here. No Vista popup, no artificial API restriction, and no policy stops what happens to data a user willingly submits to a server.
- Another argument proving App Review is about enforcing Apple's fee, not end-user safety.
But "safety" arguments eventually become about politics or business. Apple had no problem killing Parler for political reasons and was that any more of a shoddy implementation than Tea? Apple had no problem killing VPN apps for China and Russia, and did that make users in those regions "safer"? They'll use any justification they want, but "safety" is consistently trumped by "agrees with our politics" or "agrees with our shareholders".
All this discussion becomes moot if we could Freely Install Apps instead of Sideloading them through the App Store. It's very import devs reverse Apple's 1984 Sideload terminology: I want to Freely install any app, not be forced to Sideload apps through a single vendor in the App Store. If we could Freely Install apps, like we actually owned the device, then no one would care as much what Apple does or doesn't do about this.
@Hammer exactly.
The only reason Apple is this position in the first place is because they chose to be here. Is it Apple's responsibility to evaluate the servers and security policies of every app on the store? If they are going to continue to claim that the App Store is the only safe place in the world to get software, then the answer has to be yes. But of course that's ridiculous.
Even taking their argument at face value, it's an increasingly archaic and ineffective approach. It has been shown time and time and time again, perhaps most notably by Epic, that Apple can't do anything about content that is loaded into an app after it's been "evaluated" and "approved."
It's also been shown time and time and time again that the "evaluation" focuses almost entirely on protecting Apple's business interests.
>It feels wrong to me that Apple should completely remove Tea from the App Store
I mean, hang on. We _do_ have those privacy nutrition labels on the App Store, and here's what Tea claims:
>Data Used to Track You
>The following data may be used to track you across apps and websites owned by other companies:
>Contact Info (Email Address)
>
>Data Linked to You
>The following data, which may be collected and linked to your identity, may be used for the following purposes:
>App Functionality:
>Contact Info (Email Address)
That's it. They claim they collect your e-mail address, for tracking and ID-linking purposes.
Evidently, that's untrue especially for those unlucky enough to submit photos of their driving licenses and believing in good faith that Tea would delete them. Not only were they collected; they were (of obvious reasons) linked to the accounts, which in turn meant that people could easily create a _map_ of users. Location data! (Not to mention, of course, real names, ages, …)
That's a far cry from Tea's claim that they collect relatively mundane e-mail addresses. (Though I _am_ curious if the app supports iCloud's Hide My Email?)
So what can Apple do? (I'm assuming they haven't already.) They can give Tea a deadline of 14 days or whatever to either update their privacy nutrition label to be a lot more honest, or believably make the case (such as by having independent auditors look at the backend) that their app/backend service now collects less data.
Which, to bring that back to "is App Review even useful": Apple _could_ form its own auditor group. They would probably rather not because, cost aside, that would put more of a target on them. But they could.
I don't know if Apple did it for this reason, but the privacy nutrition labels are important for this type of thing (and there'll now be additional pressure for accuracy in reporting). It externalizes and surfaces some important information for users.
That when you do ID verification on an app, that your ID might be stored and linked to your account on their servers.
As a user, I'd want to know that.
And with state-legislated age verification, this becomes extra important information.
Perhaps there should be a context-specific notice: "Texas and the UK: your ID card is linked to your user account"
