09-07-2025
iOS wingman app FlirtAI leaks private chat screenshots, exposing privacy risks
A serious data leak has been uncovered involving FlirtAI – Get Rizz & Dates, an AI-powered iOS app that markets itself as a digital 'wingman' for dating and chatting. The app, developed by Berlin-based Buddy Network GmbH, exposed over 160,000 private chat and profile screenshots through an unsecured Google Cloud Storage bucket, according to cybersecurity researchers at Cybernews.
The leaked data includes personal conversations and dating profile screenshots that users submitted to the app for AI-generated response suggestions. Disturbingly, many of these screenshots were of individuals who never consented to their private exchanges being uploaded, let alone shared online.
Teen users among the most affected
Researchers highlighted a troubling aspect of the breach, saying that a significant portion of the app's user base appears to be teenagers. Given the sensitive nature of the content and the possibility of minors being involved, the consequences could be severe.
'People affected by the leak may not even be aware that their conversations were screenshotted and shared with a third-party app,' the Cybernews team said. 'The individuals on the other side of these chats—often peers—are the ones most exposed, as their names and details are clearly visible in the screenshots.'
This raises major concerns about consent, data privacy laws involving minors, and emotional well-being. The app is rated 17+ on the App Store for mature content, but its appeal among younger users and its data handling practices are now under scrutiny.
Security flaws and poor privacy controls
FlirtAI – Get Rizz & Dates works by analysing uploaded screenshots from chat or dating apps, promising 'five tailored responses' to help users impress potential matches. However, the developers failed to secure the bucket containing these images, leaving them accessible to anyone with the link.
The app claims users should only upload screenshots with 'necessary approvals from all users/humans mentioned,' a disclaimer many experts consider legally and practically ineffective.
'The app's model puts people at risk who never agreed to share their conversations,' the researchers added. 'And due to chat app interface designs, identifying information is often visible—making it easier to trace people not using the app than those who are.'
No public statement issued by the developers yet
After being alerted by the Cybernews team and the relevant Computer Emergency Response Team (CERT), Buddy Network GmbH secured the exposed bucket. As of now, the company has not issued a public statement or responded to media requests for comment.
Wider trend of iOS app data leaks
This incident is part of a troubling pattern. The Cybernews team recently analysed 156,000 iOS apps and found that 71% of them leak at least one secret in their code, with many exposing sensitive user information.
From dating platforms to family tracking apps, a growing number of iOS applications have been found to store plaintext credentials, leak private images and mishandle sensitive data.
As regulatory scrutiny increases, users, meanwhile, are advised to think twice before handing over personal data to AI-driven services.
