Conversation

and

supporters, You should not use this app. In 5 minutes, I managed to get: - the list of all the people registered - name - Photo - personal messages - token to steal their session Thread ⬇️

Quote Tweet

Fox News

@FoxNews

· Oct 15, 2018

Donald Daters, new app for Trump supporters, aims to 'Make America Date Again' fxn.ws/2Cf2u8B

7:20 PM · Oct 15, 2018Twitter Web Client

Replying to

This is a small subset of the profile pictures

0:15

12.4K views

Baptiste Robert

@fs0c131y

Oct 15, 2018

Currently there are 1607 users in the application and 128 rooms

Baptiste Robert

@fs0c131y

Oct 15, 2018

A room is a discussion between two people when they matched

Baptiste Robert

@fs0c131y

Oct 15, 2018

The longest conversation is a discussion between the devs of the app 😂

171

Baptiste Robert

@fs0c131y

Oct 15, 2018

"Are you friends with the people who made this app?"

Quote Tweet

· Oct 15, 2018

It's probably not a good idea to expose all your ids and keys... In the app you can find: - google_api_key - google_app_id - google_crash_reporting_api_key - default_web_client_id - facebook_app_id - RNB_GOOGLE_PLAY_LICENSE_KEY

Baptiste Robert

@fs0c131y

Oct 15, 2018

I'm sad, I expected a lot of bot replies 😂

101

Coverage by

The ‘Donald Daters’ Trump Dating App Exposed Its Users’ Data

On Monday, Donald Dating received a wave of media coverage from outlets such as Fox News. It didn’t take long for a security researcher to find the app’s exposed database.

Quote Tweet

· Oct 15, 2018

I made a small proof of concept to show how the database of the Donald Daters app is vulnerable. With this POC I can: - see all private messages - see all user info - delete what I want: a message, an user, the all database, ...

Show this thread

0:28

12.5K views