If you’re active on Twitter, you’ve probably seen some Tweets about this new “giggle” app in the last few days. It is a simple app which provides girls with some “girls only” spaces to talk about different topics with like-minded girls. That’s all fine and dandy; they’re even nice enough to explicitly declare the app a trans inclusive space on their website.
Now you’re probably wondering how exactly they are enforcing this “girls only” thing, and the answer is obviously AI, because honestly what else would it be. If this alone weren’t already bad enough, they also explicitly mention that what they are doing is analyzing bone structure, which is literally phrenology and not really something you’d want in your app. As expected, their app also has major problems even with AFAB girls, especially if they are POC, and trans persons should just contact their support according to the website. Not a great start, and most of the backlash against the app was based on this. It was also what first got me interested in the app, but it turned out to be technically flawed as well.

It took me about 3 minutes to completely bypass the verification.

*Hacker voice*: I'm in
All it took was initiating the sign up process and tapping through until I’m asked to verify myself. I then used an “Activity Launcher” app to launch the main screen of the app (which is an exported activity, so this doesn’t even need root), and I was simply signed up.
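A defender’s check for the weakness described above, as an added example (not code from the giggle app or from Appetiser): it lists which activities in a manifest other apps can start, so a needlessly exported internal screen like the main one here stands out before release. The sample manifest and its class names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (placeholder names): a launcher activity, an internal
# main screen needlessly exported, a share target on the pre-API-31 default, and a
# correctly private verification screen.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.placeholder">
  <application>
    <activity android:name=".SplashActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".MainActivity" android:exported="true"/>
    <activity android:name=".ShareActivity">
      <intent-filter><action android:name="android.intent.action.SEND"/></intent-filter>
    </activity>
    <activity android:name=".VerificationActivity" android:exported="false"/>
  </application>
</manifest>
"""

def _attr(elem, name):
    # Manifest attributes live in the android: namespace, so look them up by Clark name.
    return elem.get("{%s}%s" % (ANDROID_NS, name))

def exported_activities(manifest_xml):
    """[(name, reason)] for each activity another app can start: an explicit
    android:exported wins; otherwise an activity is exported iff it has an
    <intent-filter> (the implicit default before API 31 made the attribute mandatory)."""
    findings = []
    for act in ET.fromstring(manifest_xml).iter("activity"):
        name, explicit = _attr(act, "name"), _attr(act, "exported")
        has_filter = act.find("intent-filter") is not None
        if explicit is not None:
            if explicit.lower() == "true":
                findings.append((name, "explicit android:exported=true"))
        elif has_filter:
            findings.append((name, "implicit: intent-filter, exported unset"))
    return findings

def needless_exports(manifest_xml):
    """Exported activities with no intent-filter: nothing outside the app needs to
    start them, so they are the first to get android:exported="false"."""
    return [_attr(a, "name") for a in ET.fromstring(manifest_xml).iter("activity")
            if (_attr(a, "exported") or "").lower() == "true"
            and a.find("intent-filter") is None]
```

Even with the manifest fixed, the verification state should be enforced by the backend on every request rather than by which screen the client happens to show.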

This prompted me to take a closer look at just how screwed up this app was, because this already clearly violates just about every best practice ever. As I had already guessed from the package name (com.appetiser.giggle), this app had not been developed by giggle themselves (“giggle ltd”, “wadd holdings ltd”, or whoever they are); it was contracted to Appetiser. Their website already screams “professionality” and talks about nothing but “revenue, growth” and their great “success”. This path didn’t really lead to much further insight, other than the fact that it’s even sadder that even mobile app contractors produce this kind of trash.

The app further simplifies exploiting and analyzing it by already shipping with the popular Stetho Android debugging tool. Usually one would have to modify the app in some way to get this into a production app for analysis, but they already did this for me.

They're making this just too damn easy
So at this point it was already almost 3am and I just decided to go to bed. There is probably way more horrible stuff in there, but I honestly don’t feel like touching this app again anytime soon. If you do find something else, please share it with me on Twitter (@deletescape), as I’d love to see it. If you’re from Giggle or Appetiser and would like some input on how to fix this mess of an app, feel free to reach out, I usually don’t bite.

