Threat actors often attack dating apps to steal personal data, including sensitive data and location details, which can be used in identity theft, blackmailing people, or other malicious activities.
Since these applications are a goldmine of personal experiences and chats, hackers consider them as lucrative options for their malicious activities.
Cybersecurity researchers at DistriNet Research Unit recently analyzed the usability of establishing accounts, data transfer methods, and confidentiality clauses in 15 popular dating applications.
In their analysis, they identified that location-based dating apps expose users to privacy risks by sharing personal and sensitive information with potential matches.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
Dating Apps Exposing Location Details
Location-based dating (LBD) apps are mobile applications that use proximity and user preferences to suggest potential partners for romantic or social purposes.
This assessment studied the data collection techniques and privacy controls used by 15 renowned LBD apps and their susceptibility to location inference attacks.
Here below, we have mentioned the 15 apps that are analyzed:-
- Tinder
- Badoo
- POF
- MeetMe
- Tagged
- Grindr
- Tantan
- Jaumo
- LOVOO
- happn
- Bumble
- Hinge
- Hily
- OkCupid
- Meetic
A large number of applications collect personal and sensitive information about users, such as demographic characteristics, sexual orientation, and health records.
As others require some fields to be filled before they create profiles.
A few applications had weak points, like trilateration, that made it easy to locate individuals using them and helped reveal their exact positions. Also, some apps had API vulnerabilities, which disclosed hidden data.
This highlights how unsafe LBD can be and also showcases the need for enhanced protection for personal data, more user openness, and better security policies within this fast-growing segment of online dating services.
While most LBD app privacy policies do matter, the level of their detail and transparency varies significantly.
Although many policies admit processing sensitive data and location information, they often fail to provide any specific privacy controls or potential risks.
Besides this, notable differences exist between stated policies and actual app behaviors, particularly regarding location permissions, profile visibility options, and data-sharing practices.
For example, only 3 out of 15 apps claim that they need geolocation permission to run on a device, contrary to their policies.
Furthermore, only two apps state exactly which user data is visible to others.
The research shows that some applications leak data through API vulnerabilities, which counter their privacy guarantees.
These results emphasize how far apart privacy policy declarations can be from the actual handling of personal information in LBD apps.
This indicates an urgent need for greater transparency, better user management tools, and greater openness between policy statements and real-life protection arrangements.
Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo