The app helps conservatives find safe spaces where they don’t have to leave a restaurant or other business for wearing a MAGA hat. “Reviews of local restaurant and businesses from a conservative perspective, helping insure [sic] you’re safe when you shop and eat!”
But French security researcher Robert Baptise found that the backend API the app uses doesn’t use any form of authentication. This lets anyone look at the app’s source code, get the API endpoints, and get data from the app’s server without a problem.
By doing this, Mr. Baptise was able to get information about the 4,466 users, like username, email, avatar, follower count, following count, profile creation/update dates, a ban status, and more. He was also able to block users, mess with database logs, and hide unauthorized intrusions as part of his tests.
Asked why he looked into the 63red Safe app, the researcher said this was because he found a similar leak in another mobile app for US-based conservatives in the past.
“Some months ago I analyzed the Donald Daters app three hours after its release. I thought it was fun to analyze the same kind of ‘Donald Trump’ related app,” he told ZDNet.