When I was in tenth grade, a boy asked me to prom by securing a giant, puff-painted, glittering poster over the entrance to my high school. “Molly: Will You Go To Prom With Me?” As much as I pretended to be just, oh my god, so embarrassed, the public declaration left a fluttering pride in my stomach. I’m more than a little ashamed of how long I left the sign up that day so as many people as possible could see it and then talk to me about it.

I thought it very clever, but that gesture was nothing compared to what a kid named Jon Wyatt pulled off. Instead of hanging a banner on the cement facade of his school, Wyatt used Trivia Crack, the wildly popular trivia quiz game, to ask his date to the prom.

Wyatt’s ally in this stunt was Joe Levy, a Microsoft program manager who has taught himself how to hack a variety of apps and games. Levy gets a lot of comments on his stories about how to “hack” popular apps like Candy Crush and Trivia Crack. Levy’s hack of the browser-based Facebook version of Trivia Crack not only lets a player see the answers and cheat the game, but it can also be used to insert custom questions and answers.

Obsessed players began using Levy’s browser hack, and the blog post drew a lot of comments. But one commenter made a request that stood out to him.Wyatt, a high schooler, wanted to experiment with Levy’s Trivia Crack “cracker,” altering the output to ask a girl to the prom.

The idea of not only helping a young kid act on his interest in programming but also getting him a prom date (does that make it “promgramming?”) was too good to turn down. “I never thought my Trivia Crack-ing could have such humanitarian uses!” says Levy. The exploit only took him a few hours to create, and it was well worth it (she said yes).

While Levy “cracked” Trivia Crack to help a boy stand in front of girl and (with a computer screen between them) ask her to prom, plenty of users are happy to use the app’s built-in social features for such conceits. Débora Nara of Etermax, the company that develops Trivia Crack, calls the game a “worldwide phenomenon” thanks to its social edge; people in offices, schools, and in social groups interact with each other in the game and in the real world, she says.

Part of Etermax’s mission is to make the app even more social. The company is launching a Trivia Crack for brands next month, “so they can generate social awareness in a playful way.” This will enable users to create channels or follow certain ones—like a Harry Potter-themed Trivia Crack channel, or one that’s focused solely on the NBA. “Fans can play together… challenging each other, while learning new things and meeting new people,” Nara says. All of this is made easier thanks to Trivia Crack‘s messaging function—Nara says there are more than five million messages per day sent via the app, and that more than 750,000 users access the messaging feature daily.

Trivia Crack isn’t the only game to become much more than a game. While apps like Tinder, Bumble, and OKCupid are designed specifically for flirtatious messaging and come-ons, more innocent apps, and games especially, are enjoying it as a sort of side dish. QuizUp, Trivia Crack, Words With Friends are all games, but they come with just enough social tools built in that you can do more than just play a game with a faceless stranger. You get to know them, chat with them. QuizUp CEO Thor Fridriksson says they get many emails thanking them for being a conduit for their relationships. “Some of our topic communities have also grown very close and we know of a couple of community gatherings where people will fly between countries to attend these fanfests.”

This social element doesn’t have to start in the app, though. When all your friends are playing QuizUp or Candy Crush or whatever, you know where you can find them, what they are thinking about. The app becomes a public forum of sorts, one arguably more interesting than general social networks like Facebook or Twitter. You don’t go there to talk, you go to play—and in the process, chatting, friending, and flirting become happy (well, usually happy) additions to the games. Perfect for a prom ask, as Wyatt can tell you.

As an amateur programmer, I noticed that instead of being completely server based (like many games), Trivia Crack was partially client based, so I started thinking about ways to take advantage of this,” says Wyatt, who wants to go into cyber security in the future. He came across Levy’s blog eventually, and realized he’d taken advantage of the same vulnerability, and figured he’d go ahead and comment, asking for Levy’s help in his promposal.

Why Trivia Crack versus another app game? “Mostly because I thought of the idea while playing it with the girl I eventually asked to go to prom with me.”

Using a game or app hack to propose something (be it a date, marriage, or dinner) isn’t necessarily a new idea, but most of these are cutesy hacks—playing the words “marry me” when you know it will only get you a measly 11 points, or even asking the Dots team to help you create a round of the game to pop the question. One man even created a counterfeit version of Candy Crush to ask his girlfriend to marry him—not really a hack, but something that surely runs afoul of trademark law.

Fridriksson says the team gets asked about creating custom questions for special, personal purposes—and suggests that this might be a possibility someday, no hacking required. “Once we open up the platform and allow anyone to create their own topics, we suspect that there will be a lot of personal or even romantic topics that people will send to each other.”

Unlike these “hacks,” though, there’s one dark cloud hanging over Wyatt’s adorable story—and that’s the fact that a massively popular app is so easily exploited.

As Levy wrote in a blog post describing the “promposal” hack:

What’s scary about this is I wouldn’t have needed the -disable-web-security flag to do this if Trivia Crack wasn’t using CORS. This means any website that doesn’t use COR can be man-in-the-middled by a Chrome extension, with no changes to Chrome’s start up needed. You may think you’re talking to your bank’s website, when really there’s a Chrome extension modifying your requests and the banking website’s responses, recording all of your sensitive data as it does so. Just another reason to be very careful about which Chrome extensions you trust, and what permissions you trust with them.

TL;DR: This very, very popular app has a pretty big hole that lets you game it—and that isn’t where the vulnerabilities end. There’s also the ability to grab mass amounts of user information. While Levy has only used these oversights for good, that doesn’t mean everyone will. “I’ve seen code that crawls Trivia Crack for information on its users—including their full names, email addresses, Facebook IDs, and who their friends are—and I’ve seen this used to grab information on millions of users,” says Levy. “I’ve also seen a project that can cause any phone with Trivia Crack installed to freeze up and reboot, by spamming the phone with thousands of messages from hundreds of auto-generated Trivia Crack accounts.” While users have reportedly reached out to Trivia Crack about the vulnerabilities, it appears nothing has been done to address them.

The security missteps inside Trivia Crack don’t worry Wyatt. “There’s no ‘safe’ space on the Internet in my opinion. Some may be far more secure than others, but in the end, with the right amount of skill, knowledge, and time, the security of any site or server can be breached,” he says.

For the time being, Trivia Crack remains a twee option for lonely programmers everywhere. And it’s encouraging that at least a few people are interested in exploiting it for such endearing purposes.

“Really, there are multiple holes in Trivia Crack, some more worrisome than others,” says Levy. “The ones that allowed me to build Trivia Cracker and Trivia Crack Prom are probably not something users need to worry about. The worst thing it allows is people to cheat against them in Trivia Crack.”

And the best thing, of course, is that it can get them a date. “I had an incredible time with an even more incredible girl,” says Wyatt. “It was, without a doubt, my fondest memory of my high school years.”

Go Back to Top. Skip To: Start of Article.


People Are Hacking Trivia Crack to Get Prom Dates