Popular dating apps such as OkCupid, Tinder, and Bumble have vulnerabilities that make users’ personal information potentially accessible to stalkers, black mailers, and hackers.
The security lapses, which vary in terms of their severity and feasibility, could expose people’s names, login information, location, message history, and other account activity, warned researchers at Kaspersky Lab, a Moscow-based cybersecurity firm that’s been the subject of recent controversy in the U.S., in a new report.
“We are not going to discourage people from using dating apps, but we would like to give some recommendations on how to use them more safely,” the researchers said. They looked at a total of nine mobile match-making services that, in addition to the ones named above, included Badoo, Mamba, Zoosk, Happn, WeChat, and Paktor.
——Advertisement starts here ——
NRIForShaadi.com World’s #1 App for NRI Matrimony. Thousands of members near your GPS Location. Download from NRIApps.com ———Advertisement ends here ———
(The companies either did not immediately respond to Fortune’s request for more information, or did not provide an official comment.)
The first flaw allowed the researchers to de-anonymize, or unmask, people’s real identities. They used public profile information, such as education and employment history, which romance-seekers have the option to list on Tinder, Happn, and Bumble, to identify their accounts on other social networks.
“Using that information, we managed in 60% of cases to identify users’ pages on various social media, including Facebook and LinkedIn, as well as their full names and surnames,” the researchers said. Linked Instagram accounts, a common feature on many of these services, helped the team pursue leads too.
With full names and profiles at hand, there’s nothing to stop a creep from harassing a target through another social channel.
Get Data Sheet, Fortune’s technology newsletter
Another set of weaknesses in the apps allowed the researchers to pinpoint people’s whereabouts. The trick involved using information about the distance from a potential match to triangulate a person’s actual location.
“An attacker can remain in one place, while feeding fake coordinates to a service, each time receiving data about the distance to the profile owner,” the researchers said, noting that Tinder, Mamba, Zoosk, Happn, WeChat, and Paktor were the most vulnerable to this sort of potential privacy breach. (Earlier studies have called attention to this threat, the researchers pointed out.)
The most compelling vulnerabilities uncovered by the Kaspersky crew, however, involved encryption of traffic, or lack thereof, between phones and dating app servers. While most of the apps used HTTPS—a more secure, encrypted way to transmit data—Tinder, Paktor, and Bumble’s Android app, and Badoo’s iOS app used barebones HTTP—a protocol vulnerable to eavesdropping—for photo uploads.
In practice, this means that if someone is using one of these apps on an unsecured public Wi-Fi network, or on a network controlled by a snooper, the eavesdropper can see certain activity, like which accounts a person is viewing.
Some apps had issues with encryption for various pieces of transmitted data. Happn sent names of common friends in the clear. Paktor did the same for people’s email addresses.
Read More @ fortune
Contact PhoenixGMN or PhoenixInfomedia.in for all your App & Web design development needs. Other services include – SEO, Online Promotion, Digital Marketing, App Explainer Videos, eShops & much more. Checkout Our Handpicked Apps Portfolio & Videos here – https://goo.gl/DzcCWd
