deletescape.ch
104.198.14.52

URL: https://deletescape.ch/posts/giggle-nothing-to-laugh-about/
Submission: On July 28 via manual from US — Scanned from US

Text Content

Feb 07, 2020 by maia arson crimew


GIGGLE APP: BROKEN IN EVERY IMAGINABLE WAY

If you’re active on Twitter, you’ve probably seen some Tweets on this new
“giggle” app in the last few days. It is a simple app, which provides girls
with some “girls only” spaces to talk about different topics with likeminded
girls. That’s all fine and dandy, they’re even nice enough to explicitly
declare the app a trans inclusive space on their website.
Now you’re probably wondering how exactly they are enforcing this “girls
only” thing, and the answer is obviously “AI”, because honestly what else
would it be. If this alone weren’t already bad enough, they also explicitly
mention that what they are doing is analyzing bone structure, which is
literally Phrenology and not really something you’d want in your app. As
expected their app also has major problems even with afab girls, especially
if they are POC, and trans persons should just contact their support
according to the website. Not a great start, and most backlash on the app
was based on this. It was also what first got me interested in the app, but it
turned out to be technically flawed as well.

It took me about 3 minutes to completely bypass the verification.


*Hacker voice*: I’m in

All it took was initiating the sign up process and tapping through until
I’m asked to verify myself. I then used an “Activity Launcher” app to launch
the main screen of the app (which is an exported activity so this doesn’t
even need root), and I was just signed up now.

This prompted me to take a closer look at just how screwed up this app was,
because this already clearly violates just about every best practice ever.
As I had already guessed from the package name (com.appetiser.giggle), this
app had not been developed by giggle themselves (“giggle ltd”, “wadd
holdings ltd”, or whoever they are), it was contracted to Appetiser. Their
website already screams “professionality” and talks about nothing but
revenue, “growth” and their great “success”. This path didn’t really lead to
much further insight, other than the fact that it’s even sadder that even
mobile app contractors produce this kind of trash.

The app further simplifies exploiting and analyzing it by already
shipping with the popular Stetho Android debugging tool. Usually one would
have to modify the app in some way to get this into a production app for
analysis, but they already did this for me.


They’re making this just too damn easy

So at this point it was already almost 3am and I just decided to go to bed,
there is probably way more horrible stuff, but I honestly don’t feel like
touching this app again anytime soon. If you do find something else, please
share it with me on Twitter (@deletescape) as I’d love to see it. If you’re from
Giggle or Appetiser and would like some input on how to fix this mess of an app
feel free to reach out, I usually don’t bite.

> Great tweets on this app, that brought it to my attention: @killed_the_vibe,
> @degendering
> My realtime exploration thread on it: @deletescape