This is a failure on both sides. Ignore the politics of the app.
The app should have been coded more securely. The researcher should have contacted the publisher/developer and given them time to fix it before announcing the vulnerabilities publicly. Likewise, the developer should not have responded like this.
https://gizmodo.com/owner-of-maga-friendly-yelp-knockoff-threatens-to-call-1833247075