Hacking Through the UI

Let me tell you the story of my first ever business meeting.

Porting Hopsee at IC Studio

Back in 2016 I worked at a start up called IC Studio. The company had a strange business model. We would partner with early stage start up and help build their products. In exchange for building their products, we would receive a bit of equity in the company. Instead of providing money to these companies, we provided development skills. Before doing this business model, the company’s CTO built a taxi sharing app for iPhone. They called it Hopsee. I was hired to port Hopsee to Android.

We also had an intern in the company, he was a pretty cool guy who sat next to me. His job was to do ‘research’. The bosses were pretty keen on making a payment application, so they told the intern to try out various existing payment apps in Hong Kong. He was about to try a payment application called YinTran. Then he said to me “How am I supposed to try this out? I can’t send money to myself”. “How about I sign up too and we can try sending money to each other” “Okay”

Jizzlord and Viagramaster

So I signed up, and because I thought it was funny I used the username jizzlord. The intern thought this username was pretty funny so he signed up with the username viagramaster. We poked around in the app, tried to send money to each other but that required doing something we didn’t feel like doing. Then I tried out the “Find Friends” feature. I typed in the letter ‘A’ and the app showed an auto-complete list of every user whose name started with ‘A’. Interesting. I thought, I could very quickly pull down the entire user table by typing in 26 letters.

I showed the intern, and he tried it too. Then I sent out a ton of friend requests to random users. Then I got bored and went back to porting Hopsee to Android. The intern went off to do some sort of intern thing.

The Phone Rings

My phone rings, but I don’t know the number so I ignore it. Moments later, the intern’s phone rings he answers it. He talks to the person on the other end of the phone and seems worried. I quickly realise it’s the owner of YinTran. I ask the intern to pass me the phone, and he gladly does.

“Are you trying to hack my app?” “No no. We were just trying it out” “Well what are you doing sending jizz and viagra emails to all our users? How did you get all their email addresses anyway” “Hey we just used the app through the UI. We set up stupid usernames for fun. Your auto-complete box is too aggressive. If you type in the letter ‘a’ you get every user that has a name staring with ‘a’.” “Hmmm…” “All we did is type in ‘A’, and then added everyone” “I see.”

I then told him we were making Hopsee, and perhaps we could use YinTran for payments. I suggested we meet for a coffee the following day. “Alright, I’ll see you tomorrow”

Informing the Bosses

The CEO and CTO were out somewhere while we did this. When the CEO came back we told them we set up a meeting with the founder of YinTran. “Oh cool. How did you do that, and why?” “Well uh…”

We told him the story and he found it pretty funny.

The Meeting

One day before work, the intern, the CEO and I go to Starbucks at Exchange Square to meet with the founder of YinTran. When he turns up he says “You must be Jizzlord, and this must be viagramaster.” The rest of the meeting was pretty boring.