Quittr, an app that promises to help men stop watching pornography, leaked intimate data on hundreds of thousands of its users, including their masturbation habits, and lied about its security issues, 404 Media can now reveal.
I first reported about Quittr exposing user data in January, but was unable to name Quittr in the story because its creators, Alex Slater Connor McLaren, did not fix its security issues despite multiple requests and an offer from an independent researcher to help them fix the problem. Naming the app while hackers were still able to easily steal Quittr’s user data would have endangered their privacy and put them at risk of extortion from hackers, which is very common today. Some of the data exposed includes the users’ age, how often they masturbate, and how viewing pornography makes them feel. According to the data, many of them are minors.
Quittr is operated by Slater and McLaren, members of the so called App Mafia, a group of men in their early 20s who claim to have made millions of dollars on mobile app development. Slater and McLaren were recently the subjects of a long New York Magazine profile which detailed the opulent lifestyle the success of Quittr has afforded them, including driving exotic super cars and living in a Miami mansion. Slater shares videos about his lifestyle on his personal YouTube channel as well.
Slater claims Quittr has been downloaded more than 1.5 million times and makes $500,000 a month. But despite these incredible numbers, the developers were somehow unable or unwilling to fix a major security flaw in the app for months.
I first learned about the Quittr vulnerability from an independent researcher, who scanned the Google Play Store and Apple App Store for a common misconfiguration in apps that use Google Firebase, an app development platform. The researcher tested hundreds of the top apps on both stores after we published a story about the Tea app suffering a devastating hack due to the same issue. The researcher found dozens of apps had the same problem, including Quittr, but did not name Quittr in his public disclosure because the highly sensitive and personal data could put users at risk.
The researcher said he contacted Slater directly on September 10, 2025 to tell him about the Quittr vulnerability.
“It’s my fault fully I should’ve been on top of this, the way you pulled the database was super creative,” Slater told the researcher in a series of WhatsApp messages, which 404 Media reviewed. “So props to that, but again this is serious data and is not good at all. Working on fixing rn! Will be fixed in the next hour.”
But Slater and McLaren did not fix the issue for months. I called him in January, told him about some of the sensitive user data I had seen, and asked him why he had not fixed the vulnerability even after he told the researcher he would.
“There is no sensitive information exposed, that’s just not true,” Slater told me at the time. “These users are not in my database, so, like, I just don’t give this guy attention. I just think it’s a bit of a joke […] after checking with my engineers I saw this was never an issue.”
When I asked Slater why he previously thanked the researcher for responsibly disclosing the misconfiguration and said he would rush to fix it, he wished me a good day and hung up.
After the call, I created an account on the app, which the researcher was able to see appear in the misconfigured Google Firebase, confirming that user information was still exposed. I called, texted, and emailed Slater and any email associated with Quittr I found several times after that call but never heard back. After a week of trying to contact Quittr and repeatedly checking that the app was still vulnerable, 404 Media decided to publish the story without naming the app in order to protect its users while still highlighting an important security issue in a popular app.
Overall, the researcher said he could access the information of more than 600,000 users of the porn quitting app, 100,000 of which identified as minors.
The app also invites users to write confessions about their habits. One of these read: “I just can’t do this man I honestly don’t know what to do know more, such a loser, I need serious help.”
“We were like, How can we build an app to make money? Then as I realized how large the issue was, that’s when it became more of a passion project, like, How can we help men actually become men again?” McLaren told New York Magazine.
After the New York Magazine profile was published, the researcher checked Quittr again and saw that it fixed its misconfigured database, which is why we’re naming the app now.
