Official dating resource
The study showed that many dating apps do not handle users’ sensitive data with sufficient care.
That’s no reason not to use such services — you simply need to understand the issues and, where possible, minimize the risks.
That’s actually the app’s main feature, as unbelievable as we find it.
Most apps transfer data to the server over an SSL-encrypted channel, but there are exceptions.
This concerns only Android-based devices; malware able to gain root access in i OS is a rarity.
The result of the analysis is less than encouraging: Eight of the nine applications for Android are ready to provide too much information to cybercriminals with superuser access rights.
Tokens are valid for 2–3 weeks, throughout which time criminals have access to some of the victim’s social media account data in addition to full access to their profile on the dating app.
Regardless of the exact kind of data the app stores on the device, such data can be accessed with superuser rights.
Turns out it is possible to identify Happn and Paktor users in other social media 100% of the time, with a 60% success rate for Tinder and 50% for Bumble.
As such, the researchers were able to get authorization tokens for social media from almost all of the apps in question.
The credentials were encrypted, but the decryption key was easily extractable from the app itself.
All of the other apps indicate the distance between you and the person you’re interested in.
By moving around and logging data about the distance between the two of you, it’s easy to determine the exact location of the “prey.” Happn not only shows how many meters separate you from another user, but also the number of times your paths have intersected, making it even easier to track someone down.If someone wants to know your whereabouts, six of the nine apps will lend a hand.