Quittr App Ignored Months of Security Warnings from Hackers, Fixed Flaws Only After Media Inquiry

For months, the developers of Quittr, an anti-pornography app designed to help users stop masturbating, ignored repeated warnings from multiple independent security researchers about a critical security vulnerability. The app's creators only moved to fix the flaw weeks after 404 Media initiated multiple inquiries for comment, raising serious questions about their commitment to user data protection.

At least three individuals attempted to alert Quittr's founders to the serious issue. One researcher, Kaeden, detailed on her blog that she emailed the founders, explained the vulnerability, and received a response from a developer who promised to look into improving security. She provided a step-by-step walkthrough, noting the problem was a client-side API key—a common Firebase configuration error that required implementing proper security rules. Despite her detailed report and subsequent follow-ups, all communication went unanswered. This pattern of neglect began before 404 Media's initial report on the vulnerability in January, which was published without naming the app after Quittr failed to act on the outlet's own outreach.

The prolonged inaction exposes a fundamental failure in Quittr's security response protocol. The app, which handles sensitive user data related to personal habits and potentially private struggles, left a known vulnerability unpatched for an extended period. This incident places intense scrutiny on the accountability of niche wellness and self-help applications that collect intimate data, highlighting the risks users face when developers deprioritize basic cybersecurity hygiene despite clear, expert warnings.