By now, everyone has heard of the “Tea app” getting hacked: “Hackers leak 13,000 user photos and IDs from the Tea app”. It’s a Flutter app for Android and iOS, written by a guy with 6 months of programming experience. The Tea app allows women to gossip about men on dating portals. I disassembled the source code, so you don’t have to. Let’s take a quick dive through it.
If you are as unexcited as I am about this, please stay tuned. I will also explain, step by step, how to disassemble the source code of any Android app. This article won’t just explain the ridiculously amateurish mistakes that got the app hacked, but also how it was done. So if you’re not here for the app, I hope you stay for the disassembly process.
To get the source code of the app, we first go to its website at teaforwomen.com. There, we’ll find a Google Play Store link that takes us to the store listing. The address bar then shows the following URL:
https://play.google.com/store/apps/details?id=com.tea.tea
We’re only interested in knowing the app id, which is “com.tea.tea”. That’s the unique identifier of their Android app. Since we want to disassemble the app into source code, we’ll need the APK or XAPK file with…