Dating apps became safer, but not in terms of privacy

Kaspersky Lab experts tested a number of online dating applications and came to the conclusion that they have become safer.

It turned out that dating services are now better protected from a technical point of view, especially in terms of data interception. However, privacy risks still persis: such applications store a lot of personal information that can be used for cyberstalking (Internet stalking) and doxing (publishing data about a person without their awareness and consent to harm their reputation).

In 2017, four of the nine applications studied were capable of intercepting data being sent, and many were using HTTP. The situation has improved significantly in 2021. So, none of the applications studied uses HTTP, and no data is transmitted at all if the protocol is insecure.

But many privacy concerns remain.

Happn, Her, Bumble and Tinder users are required to provide their location. Some apps, like Mamba, show it to within a meter. Happn has additional functionality that allows account holders to see how many times and where they have crossed paths with their match (the person that responded in the app).

All this data, as well as the content of chats and photos, can be used for stalking on the web or in the real world, as well as for doxing.

Mamba is the only app we studied that allows blurring photos for free, while Pure is the only one that doesn’t allow taking screenshots of chats.

Some additional privacy options are subject to a fee. So, in the paid versions of most of the services studied, you can enable incognito mode. In this case, the profile is visible only to those users to whom its owner has expressed sympathy. In the paid versions of Tinder and Bumble, you can manually select a region and not provide more specific clarifications by location.

Alas, as in previous research, most Android apps store messages and cached photos on the device. That is, an attacker can get access to them using malware.

Mamba and Badoo even send an email with the generated password to log into the account in clear text, which definitely cannot be attributed to good security practices.

Let me remind you that we also reported that Famous hacker through vulnerability in vBulletin crushed into forums for sex workers.