Popular dating apps can be exploited to reveal the messages you’ve sent, your location and the profiles you’ve viewed, a report has revealed.
Tinder, Bumble and OkCupid are among the apps vulnerable to hacking, researchers from Russian security firm Kaspersky Lab found.
Location information, identifiable personal data and unencrypted messages were exposed during testing of the apps for Apple’s iOS and Google’s Android smartphone operating systems.
Numerous apps, including Tinder, Happn and Zoosk, contain location-tracking data which displays the distance between users, which could aid potential stalkers in tracking victims.
“Even though the application doesn’t show in which direction, the location can be learned by moving around the victim and recording data about the distance to them,” the team found.
“This method is quite labourious, though the services themselves simplify the task: an attacker can remain in one place, while feeding fake coordinates to a service, each time receiving data about the distance to the profile owner.” The Android versions of Tinder, Bumble and Paktor all upload user photos using unencrypted HTTP, which the team was able to exploit to reveal the profiles certain users had looked at and which pictures they’d opened.
They were also able to forcibly gain control of Tinder, Bumble, OkCupid, Badoo, Happn and Paktor Android accounts by exploiting a vulnerability in linking the user’s Facebook account to the app for easy log-in, giving the attacker ‘superuser rights’ and access to the user’s correspondence.
One app, Mamba, transmits data in an unencrypted format, leaving it open to snoopers.
The team was able to view and modify the information it shared with servers, and gain access to the user’s account and messages.
Some of the methods were less complicated. Sensitive data, such as the user’s workplace or education, was swiftly used to track them down on social media in 60 per cent of cases, the researchers found.
The researchers recommended all dating app users avoid using unprotected public Wi-Fi connections, install apps on your smartphone capable of detecting malware and avoid mentioning any information which could be used to identify you. Kaspersky Lab is alleged to have aided Russia’s Federal Security Service (FSB) in stealing cyberweapons from an NSA employee’s home PC – a claim its chief executive Eugene Kasperky rigorously denies.
This story first appeared on our sister site, the i.