Apple has frequently argued that it is reasonable for it to have monopolistic control over the sale of iPhone apps because it vets them for safety and security. This has been called into question over scam apps accepted into the App Store, and the same questions are being asked regarding the Tea app.

The so-called dating advice app has been revealed to have major security vulnerabilities, which have exposed private chats and personal data of tens of thousands of women …

Egregious security flaws in the Tea app

The Tea app claims to make dating safer for women by allowing them to share red flags for men they have dated or are considering dating.

Two major security flaws have been found in the app, exposing both private chats and personal data, which includes images of selfies and photo ID used to verify identities of users.

The exposed chat content makes it easy to identify both the users themselves and the men they are discussing.

Conflicting App Store safety claims

Apple has come under fire from antitrust regulators around the world for its monopolistic control over the sale of iPhone apps. It has justified this on the basis that the App Store is a “safe and trusted place.”

The company has been forced to allow third-party app stores in the EU, but has declined to make this change in the US or elsewhere.

Many people have pointed to the prevalence of scam apps in the App Store as evidence that Apple’s vetting process does not in fact ensure that the store is a safe and trusted place. A study back in 2021 revealed that scam apps make up almost 2% of the top-grossing apps in this store and have cost iPhone owners around $50 million.

Tea app the latest example

A commenter on Hacker News questioned why the Tea app remains on the App Store despite the continuing security flaws. Prominent Apple commenter John Gruber suggests that Google appears to have removed visibility from the app, and argues Apple should do the same..

 I can’t recall anything like this before, where an app riddled with outrageous security/privacy vulnerabilities remains virally popular […]

I strongly suspect that, although Google hasn’t removed Tea from the Play Store, they’ve delisted it from discovery other than by searching for it by name or following a direct link to its listing. That both jibes with what I’m seeing on the Play Store top lists, and strikes me as a thoughtful balance between the responsibilities of an app store provider. As egregious as Tea’s security exploits have been, removing the app entirely doesn’t seem called for. But delisting it from popularity lists seems like a measured way to discourage new users from trying it unless they’re specifically looking for it. If this is what Google is doing, Apple should follow their lead.

What action do you think Apple should take? Remove the app, remove its visibility, or do nothing? Please share your thoughts in the comments.

Highlighted accessories

Photo by Clearcut Derby on Unsplash