Dating apps tighten data security after KU Leuven discovers leaks
People with bad intentions can easily get hold of sensitive data and the exact locations of dating app users, new research from KU Leuven shows. Most apps have since made adjustments to better protect their users.
Researchers at KU Leuven have found among the 15 most popular dating apps that data is often too easily visible to others. Some data, such as name, age or place of residence, are often visible in the app (either mandatory or by choice of the user). However, the new research now shows that even data that should be invisible can easily be found via internet traffic between app and server.
Initially, the researchers made visible the data that the apps get from the servers about other users, which, according to the scientists, is not at all difficult for someone with some computer knowledge. In a second phase, they also actively modified that data traffic to see if it would reveal any additional data. “We only used the built-in functions of the apps, so we did not hack the servers, and we only worked with our self-created profiles, so we did not see any data from real users,” said researcher Karel Dhondt.
The results were clear: all apps leaked personal and sensitive data, such as gender and sexual orientation, about other users. At Bumble, the researchers were able to see a user's age and gender preferences by adjusting the data traffic. Six of the 15 apps also leaked detailed location data, allowing the researchers to find out an almost exact location of the user.
“‘The risks are clear,” says researcher Victor Le Pochat. “The personal and sensitive data that we were able to expose by simple means is of golden value to people with bad intentions, who can be either acquaintances near you or complete strangers. Releasing personal data makes users vulnerable to online manipulation via phishing or identity theft. When you combine that with sensitive data such as sexual orientation and someone's location, it can lead to physical danger, such as stalking or assault, or even government prosecution, as has already happened in Egypt to lgbtq users.”
The researchers shared the results of their research with app makers. Most of them made the necessary adjustments to plug these leaks, including leaks of exact user locations.
Earlier this week, a deadly shooting took place in Brussels that was believed to be the result of homophobic violence. The perpetrators allegedly tried to set a trap via Grindr. The dating app subsequently admonished its users to exercise caution.
#FlandersNewsService | Grindr app © Chris DELMAS / AFP