Dating apps are now part of our everyday life. To find the ideal partner, users of such apps are ready to reveal their name, occupation, place of work, where they like to hang out, and lots more besides.
Dating apps are often privy to things of a rather intimate nature, including the occasional nude photo. But how carefully do these apps handle such data? Kaspersky Lab decided to put them through their security paces. We informed the developers in advance about all the vulnerabilities detected, and by the time this text was released some had already been fixed, and others were slated for correction in the near future.
However, not every developer promised to patch all of the flaws. Happn, in particular, uses Facebook accounts for data exchange with the server. With minimal effort, anyone can find out the names and surnames of Happn users and other info from their Facebook profiles.
And if someone intercepts traffic from a personal device with Paktor installed, they might be surprised to learn that they can see the e-mail addresses of other app users.
If someone wants to know your whereabouts, six of the nine apps will lend a hand. Only OkCupid, Bumble, and Badoo keep user location data under lock and key. Happn not only shows how many meters separate you from another user, but also the number of times your paths have intersected, making it even easier to track someone down.
As our researchers found out, one of the most insecure apps in this respect is Mamba. The analytics module used in the Android version does not encrypt data about the device model, serial number, etc. Such data is not only viewable, but also modifiable. However, our researchers were able to intercept Zoosk data only when uploading new photos or videos — and following our notification, the developers promptly fixed the problem.
When using the Android versions of Paktor, Badoo, and Zoosk, other details — for example, GPS data and device info — can end up in the wrong hands. It turned out that most apps (five out of nine) are vulnerable to MITM attacks because they do not verify the authenticity of certificates. And almost all of the apps authorize through Facebook, so the lack of certificate verification can lead to the theft of the temporary authorization key in the form of a token.
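As an added illustration (not part of the original article or of Kaspersky Lab's research), the following script flags Java source that switches off certificate validation, the kind of defect that makes the MITM scenario above possible. The rules, the sample snippets and the `platformDefault` field are assumptions built for this example; the article does not say how the audited apps skipped validation.

```python
import re

# Heuristic rules for Android/Java code that switches off TLS certificate
# validation. Assumption: the article does not say how the audited apps skipped
# validation; these are common generic causes, not findings about any app.
RULES = {
    "empty-trust-manager": re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)\s*"
        r"(?:throws\s+[\w.,\s]+?)?\{\s*\}"),
    "allow-all-hostname-verifier": re.compile(
        r"ALLOW_ALL_HOSTNAME_VERIFIER|"
        r"boolean\s+verify\s*\([^)]*\)\s*\{\s*return\s+true\s*;\s*\}"),
    "webview-ignores-ssl-error": re.compile(
        r"onReceivedSslError\s*\([^)]*\)\s*\{[^}]*\.proceed\s*\(\s*\)"),
}

def strip_comments(src):
    """Drop comments so a method body holding only a comment counts as empty."""
    src = re.sub(r"/\*.*?\*/", " ", src, flags=re.S)
    return re.sub(r"//[^\n]*", " ", src)

def audit(src):
    """Return the sorted names of the rules that match the given source text."""
    code = strip_comments(src)
    return sorted(name for name, rx in RULES.items() if rx.search(code))

# Constructed sample: accepts any server certificate and any host name.
WEAK_SAMPLE = """
class TrustAll implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] c, String a)
            throws CertificateException { /* accept anything */ }
}
HostnameVerifier lax = new HostnameVerifier() {
    public boolean verify(String host, SSLSession s) { return true; }
};
"""

# Constructed sample: delegates to a real trust manager (hypothetical field).
HARDENED_SAMPLE = """
class Checked implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] c, String a)
            throws CertificateException {
        platformDefault.checkServerTrusted(c, a); // real chain validation
    }
}
"""

if __name__ == "__main__":
    for label, sample in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(label, audit(sample) or "no findings")
```

The matching is textual, so a hit is a prompt for manual review rather than proof of a flaw, and a clean result does not show that validation is done correctly.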
Regardless of the exact kind of data the app stores on the device, such data can be accessed with superuser rights. This concerns only Android-based devices; malware able to gain root access in iOS is a rarity.
The result of the analysis is less than encouraging: Eight of the nine applications for Android are ready to provide too much information to cybercriminals with superuser access rights. As such, the researchers were able to get authorization tokens for social media from almost all of the apps in question. The credentials were encrypted, but the decryption key was easily extractable from the app itself.
Tinder, Bumble, OkCupid, Badoo, […], and Paktor all store messaging […] and photos of users together with their tokens. Thus, the holder of superuser access privileges can easily access confidential information.
If not stealing, then extorting.
Alexandra Golovina. Are dating apps safe? October 25.
Unprotected data transfer
Most apps transfer data to the server over an SSL-encrypted channel, but there are exceptions.
Recommended: using a VPN; installing security solutions on all of your devices; sharing information with strangers only on a need-to-know basis.
Not recommended: adding your social media accounts to your profile in a dating app; giving your real name, surname, place of work; disclosing your e-mail address, be it your personal or work e-mail; using dating sites on unprotected Wi-Fi networks.