Tea, the Women’s Dating Gossip App Riddled With Security Vulnerabilities, Remains #3 on the US iPhone App Store

Wednesday, 30 July 2025

Tea remains #3 overall in the US iPhone App Store. Here’s a screenshot of the top free iPhone apps today, and a list of the current top 10, using the full names the apps choose to display:

1. ChatGPT
2. Wingstop
3. Tea Dating Advice
4. Threads
5. Google
6. Google Maps
7. WhatsApp Messenger
8. ParentSquare
9. CapCut - Video Editor
10. TikTok - Videos, Shop & LIVE

I might be forgetting or unaware of previous similar situations, but I can’t recall anything like this before, where an app riddled with outrageous security/privacy vulnerabilities remains virally popular. A Hacker News thread from earlier today debates why the app is even still available on the App Store.

So is it Apple’s place to yank the app? It feels wrong to me that Apple should completely remove Tea from the App Store, but it’s also true that one of Apple’s fundamental pitches for the App Store — and the App Store’s exclusivity for app distribution in most of the world — is that iOS users can trust any and all apps in the App Store because they’re vetted by Apple. But here’s Tea, sitting at #3, providing a service that many women want, and the entire thing is shockingly untrustworthy. (I fully expect more vulnerabilities to be found and exploited.)

Tea, unsurprisingly, has almost nothing on their website about the security violations their users have suffered, nor any mention in their App Store listing. Their only public acknowledgement of the fiasco is a series of three Instagram posts on July 26, 27, and 29 (the most recent of which acknowledges that they’ve completely disabled the DM feature “temporarily”), and this FAQ on their website, that, as far as I can tell, is only discoverable through the “links in bio” on their Instagram profile. Their FAQ only addresses the initial discovery from last week, not the more significant one that 404 Media publicized Monday that included the exposure of DMs.

Also fascinating to me is that Tea, though available on both iOS and Android, is seemingly not popular at all on Android. It’s not even listed in the Play Store’s top free apps. (The Play Store website lists only the top 45, but I scrolled through the entire top 200 on my Pixel.) The current Play Store top 10:

1. ChatGPT
2. TikTok - Videos, Shop & LIVE
3. Threads
4. WhatsApp Messenger
5. Temu: Shop Like a Billionaire
6. Instagram
7. TikTok Lite - Faster TikTok
8. DramaBox - Stream Drama Shorts
9. Cash App
10. Snapchat

More tellingly, Tea doesn’t even crack the Play Store top 200 list for the “Dating” category. (On iOS, it’s in the “Lifestyle” category, but on the Play Store it’s in the “Dating” and “Casual” categories. Perhaps Apple requires apps in the “Dating” category to be full-fledged dating app services, not dating-app-adjacent like Tea.)

I’m not sure what explains the disparity in Tea’s popularity by platform. One assumption is that dating is more of a young person’s game, and young people skew slightly more toward iPhone than the US population overall. But from what I can tell, that skew is only about 10 percent. Also, surveys suggest women are more likely to be iPhone users. But I can’t believe that age or gender demographics alone explain why Tea is #3 in the App Store but doesn’t even crack the top 200 on Android.

I strongly suspect that, although Google hasn’t removed Tea from the Play Store, they’ve delisted it from discovery other than by searching for it by name or following a direct link to its listing. That both jibes with what I’m seeing on the Play Store top lists, and strikes me as a thoughtful balance between the responsibilities of an app store provider. As egregious as Tea’s security exploits have been, removing the app entirely doesn’t seem called for. But delisting it from popularity lists seems like a measured way to discourage new users from trying it unless they’re specifically looking for it. If this is what Google is doing, Apple should follow their lead. (I’ve put in a question to Google’s PR inquiring about this; if/when I get an answer, I’ll update this article.)