{"id":40628,"date":"2021-07-16T17:43:42","date_gmt":"2021-07-16T21:43:42","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=40628"},"modified":"2022-05-05T04:40:22","modified_gmt":"2022-05-05T08:40:22","slug":"mwc21-online-dating-apps","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/mwc21-online-dating-apps\/40628\/","title":{"rendered":"Online dating and security"},"content":{"rendered":"<p>Dating apps are supposed to be about getting to know other people and having fun, not handing out personal data left, right and center. Unfortunately, when it comes to dating services, there are security and privacy concerns. At the <a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/mwc\/\" target=\"_blank\" rel=\"noopener nofollow\">MWC21<\/a> conference, Tatyana Shishkova, senior malware analyst at Kaspersky, presented a <a href=\"https:\/\/securelist.com\/dating-apps-report-2021\/103000\/\" target=\"_blank\" rel=\"noopener\">report about online dating app security<\/a>. We discuss the conclusions she drew from studying the privacy and security of the most popular online dating services, and what users should do to keep their data safe.<\/p>\n<h2>Dating app security: what\u2019s changed in four years<\/h2>\n<p>Our experts previously carried out a similar study several years ago. <a href=\"https:\/\/securelist.com\/dangerous-liaisons\/82803\/\" target=\"_blank\" rel=\"noopener\">After researching nine popular services in 2017<\/a>, they came to the bleak conclusion that dating apps had major issues regarding the secure transfer of user data, as well as its storage and accessibility to other users. Here are the main threats revealed in the 2017 report:<\/p>\n<ul>\n<li>Of the nine apps studied, six did not hide the user\u2019s location.<\/li>\n<li>Four made it possible to find out the user\u2019s real name and locate other social network accounts of theirs.<\/li>\n<li>Four allowed outsiders to intercept app-forwarded data, which could contain sensitive information.<\/li>\n<\/ul>\n<p>We decided to see how things had changed by 2021. The study focused on the nine most popular dating apps: Tinder, OKCupid, Badoo, Bumble, Mamba, Pure, Feeld, Happn and Her. The lineup differs slightly from that of 2017, since the online dating market has changed a bit. That said, the most used apps remain the same as four years ago.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/kr24xE9-9t4?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<h3>Security of data transfer and storage<\/h3>\n<p>Over the past four years, the situation with data transfer between the app and the server has significantly improved. First, all nine apps we researched this time around use encryption. Second, all feature a mechanism against certificate-<a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/spoofing\/\" target=\"_blank\" rel=\"noopener\">spoofing<\/a> attacks: on detecting a fake certificate, the apps simply stop transmitting data. Mamba additionally displays a warning that the connection is insecure.<\/p>\n<p>As for data stored on the user\u2019s device, a potential attacker can still gain access to it by somehow getting hold of <a href=\"https:\/\/www.kaspersky.com\/blog\/android-root-faq\/17135\/\" target=\"_blank\" rel=\"noopener nofollow\">superuser (root) rights<\/a>. However, this is a rather unlikely scenario. Besides, root access in the wrong hands renders the device basically defenseless, so data theft from a dating app is the least of the victim\u2019s problems.<\/p>\n<h3>Password emailed in cleartext<\/h3>\n<p>Two of the nine apps under study \u2014 Mamba and Badoo \u2014 mail the newly registered user\u2019s password in plain text. Since many people don\u2019t bother to change the password immediately after registration (if ever), and tend to be sloppy about mail security in general, this is not a good practice. By hacking the user\u2019s mail or intercepting the e-mail itself, a potential attacker can discover the password and use it to gain access to the account as well (unless, of course, two-factor authentication is enabled in the dating app).<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2021\/07\/16173833\/mwc21-online-dating-apps-1.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-40629\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2021\/07\/16173833\/mwc21-online-dating-apps-1.jpg\" alt=\"Report by Tatyana Shishkova at MWC21\" width=\"1460\" height=\"978\"><\/a><\/p>\n<h3>Mandatory profile photo<\/h3>\n<p>One of the problems with dating services is that screenshots of users\u2019 conversations or profiles can be misused for doxing, shaming and other malicious purposes. Unfortunately, of the nine apps, only one, Pure, lets you create an account without a photo (i.e., not that easily attributable to you); it also handily disables screenshots. Another, Mamba, offers a free photo-blurring option, allowing you to show your pictures only to users you choose. Some of the other apps also offer that feature, but only for a fee.<\/p>\n<h3>Dating apps and social networks<\/h3>\n<p>All of the apps in question \u2014 aside from Pure \u2014 allow users to register through a social network account, most often Facebook. In fact, this is the only option for those who don\u2019t want to share their phone number with the app. However, if your Facebook account isn\u2019t \u201crespectable\u201d enough (too new or too few friends, say), then most likely you\u2019ll end up having to share your phone number after all.<\/p>\n<p>The problem is that most of the apps automatically pull Facebook profile pics into the user\u2019s new account. That makes it possible to link a dating app account to a social media one simply by the photos.<\/p>\n<p>In addition, many dating apps allow, and even recommend, users to link their profiles to other social networks and online services, such as Instagram and Spotify, so that new photos and favorite music can be automatically added to the profile. And although there is no surefire way to identify an account in another service, dating app profile information can certainly help in finding someone on other websites.<\/p>\n<h3>Location, location, location<\/h3>\n<p>Perhaps the most controversial aspect of dating apps is the need, in most cases, to give your location. Of the nine apps we investigated, four \u2014 Tinder, Bumble, Happn and Her \u2014 require mandatory geolocation access. Three let you manually change your precise coordinates to the general region, but only in the paid version. Happn has no such option, but the paid version allows you to hide the distance between you and other users.<\/p>\n<p>Mamba, Badoo, OkCupid, Pure and Feeld do not require <em>mandatory<\/em>\u00a0access to geolocation, and let you manually specify your location even in the free version. But they do offer to automatically detect your coordinates. In the case of Mamba especially, we advise against giving it access to geolocation data, since the service can determine your distance to others with a frightening accuracy: one meter.<\/p>\n<p>In general, if a user allows the app to show their proximity, in most services it is not hard to calculate their position by means of triangulation and location-spoofing programs. Of the four dating apps that require geolocation data to work, only two \u2014 Tinder and Bumble \u2014 counteract the use of such programs.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2021\/07\/16173840\/mwc21-online-dating-apps-2.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-40630\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2021\/07\/16173840\/mwc21-online-dating-apps-2.jpg\" alt=\"One of the biggest problems with dating apps is the ability to determine user location\" width=\"1460\" height=\"800\"><\/a><\/p>\n<h2>Takeaways<\/h2>\n<p>From a purely technical viewpoint, dating app security has improved significantly in the past four years\u00a0\u2014 all the services we studied now use encryption and resist <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/man-in-the-middle-attack\/\" target=\"_blank\" rel=\"noopener\">man-in-the-middle attacks<\/a>. Most of the apps have <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/bug-bounty\/\" target=\"_blank\" rel=\"noopener\">bug-bounty<\/a> programs, which assist in the patching of serious vulnerabilities in their products.<\/p>\n<p>But as far as privacy is concerned, things are not so rosy: the apps have little motivation to protect users from oversharing. People often post far more about themselves than is sensible, forgetting or ignoring the possible consequences: <a href=\"https:\/\/www.kaspersky.com\/blog\/doxing-methods\/39651\/\" target=\"_blank\" rel=\"noopener nofollow\">doxing<\/a>, stalking, data leakage and other online woes.<\/p>\n<p>Sure, the problem of oversharing is not limited to dating apps \u2014 things are no better with social networks. But due to their specific nature, dating apps often encourage users to share data that they are unlikely to post anywhere else. Moreover, online dating services usually have less control over who exactly users share this data with.<\/p>\n<p>Therefore, we recommend all users of dating (and other) apps to <a href=\"https:\/\/www.kaspersky.com\/blog\/dating-apps-privacy-and-safety\/38754\/\" target=\"_blank\" rel=\"noopener nofollow\">think more carefully about what and what not to share<\/a>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksc-trial-generic\">\n","protected":false},"excerpt":{"rendered":"<p>How secure are online dating apps privacy-wise?<\/p>\n","protected":false},"author":2706,"featured_media":40631,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1788,1789],"tags":[109,320,4139,296],"class_list":{"0":"post-40628","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"category-technology","9":"tag-apps","10":"tag-mobile-world-congress","11":"tag-mwc21","12":"tag-online-dating"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/mwc21-online-dating-apps\/40628\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/mwc21-online-dating-apps\/23063\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/mwc21-online-dating-apps\/18545\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/mwc21-online-dating-apps\/25029\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/mwc21-online-dating-apps\/23039\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/mwc21-online-dating-apps\/22361\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/mwc21-online-dating-apps\/25671\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/mwc21-online-dating-apps\/25136\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/mwc21-online-dating-apps\/31051\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/mwc21-online-dating-apps\/9843\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/mwc21-online-dating-apps\/17336\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/mwc21-online-dating-apps\/17809\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/mwc21-online-dating-apps\/15060\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/mwc21-online-dating-apps\/27075\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/mwc21-online-dating-apps\/31254\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/mwc21-online-dating-apps\/27301\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/mwc21-online-dating-apps\/24099\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/mwc21-online-dating-apps\/29440\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/mwc21-online-dating-apps\/29232\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/mwc21\/","name":"MWC21"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/40628","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=40628"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/40628\/revisions"}],"predecessor-version":[{"id":40633,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/40628\/revisions\/40633"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/40631"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=40628"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=40628"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=40628"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}