Dating apps are one of the most popular methods of looking for a partner. Users of dating apps reveal their names, workplace, occupation, hobbies and even more. In addition to that, occasional nude photos are also widely used in these kinds of apps.
When it comes to user privacy, are these apps are safe to use and how carefully do they handle user data?
Security researchers at Kaspersky investigated the most widely used online dating apps, such as Tinder, Bumble Paktor, WeChat and Zoosk. They uncovered the main threats of these apps and informed developers about detected bugs.
Threat no 1. Who are you?
Four of nine investigated apps enable potential attackers to obtain information about a user’s specified place, work or study. In addition, this information allows finding user’s social media accounts, real names and even more.
So it turns out that Paktor and Happn dating apps allow strangers to find your account on social media 100% of the time, Tinder’s rate is 60% and Bumble comes fourth with 50%.
Threat no 2. Where are you?
Six of the nine apps also can reveal your whereabouts. Badoo, OkCupid and Bumble keeps information about your location under the lock. However, other apps indicate the distance between you and the person you are checking out.
Threat no 3. Unsecured data transfer
The majority of all apps transfer data to the server over SSL-encrypted channel. However, according to Kaspersky, there are some exceptions.
For example, Mamba version for Android analytics module does not encrypt data about the device, while iOS version connects to the server over HTTP and also transfers unsecured data. As a result, this information can be seen and modified by third parties.
In addition, iOS version of Badooand Tinder, Bumble and Paktor for Android upload pictures via over HTTP as well. This enables hackers to find out what profiles the user is browsing.
Threat no 5. MITM attack
According to the results, five apps don’t verify the authenticity certificates and are insecure against man-in-the-middle attacks. What is more, almost every app authorizes through Facebook which can end up exposing the temporary authorization key for potential theft.
Threat no.5 Superuser rights
Researchers at Kaspersky discovered that eight out of nine apps for Android can provide too much information with superuser access rights. In addition, six apps store photos and messaging history with their tokens, as a result, superuser privileges allow users to access confidential information.
Many dating apps do not secure sensitive information with care. So users are strongly advised to use VPN, security software and be vigilant – do not share too much with strangers.