Dating apps may not be secure: Kaspersky researchers detail risk

By Brittany Roston/Oct. 27, 2017 8:08 pm EST

Dating apps contain a lot of personal information about their users, and that makes any security risks particularly newsworthy. A single hack could reveal intimate messages and photos from thousands of users, opening them to potential blackmail at the hands of hackers or, perhaps worse, leave them exposed for anyone to spy on if the data were released on the Internet. That makes a new report from Kaspersky researchers particularly troubling.

According to a report published on Kaspersky's Secure List, dating apps may leave users vulnerable to various security risks, some due to the information they directly provide, others due to security vulnerabilities. For example, the team looked at how easily someone can track a user based on the information that was readily available on the app, such as a place of work.

As you've probably guessed, it isn't that hard to figure out who a person is using social media based on the little data made public through the dating apps. The researchers said that using education and job information users made available on Tinder, Bumble and Happn, they were able to find social media pages with full names for 60-percent of cases.

Users can choose whether or not to share that information, though, whereas in more concerning cases the information is left vulnerable by the service itself. For example, the researchers found that the Android versions of Paktor, Tinder and Bumble upload images in unencrypted HTTP, leaving them vulnerable if the user is on an unsecured WiFi network. The same is reportedly true for the iOS version of Badoo.

The Android version of Tinder clone Paktor, meanwhile, was found to transmit a bunch of sensitive data that isn't encrypted, including the user's name, GPS location, and birth date. More worrisome is the app Mamba, which the researchers found to be especially vulnerable on iOS; they say it doesn't use encryption, instead sending plainly exposed data to the server...including a user's messages.

The team summarizes their vulnerability findings for each app in the chart below:

SOURCE: Secure List