If you thought all those bad opening lines you sent on dating apps were private, you might want to think again. Researchers at the Kaspersky Lab in Moscow found vulnerabilities in several platforms, including Tinder, Bumble, and OkCupid. They were able to access all kinds of user data, including messages, locations, real names, and viewing history.
The research team, consisting of Roman Unuchek, Mikhail Kuzin, and Sergey Zelensky, tested nine different apps in total. In addition to Tinder, OkCupid, and Bumble, they also looked at Badoo, Mamba, Zoosk, Happn, WeChat, and Paktor. For each, the researchers tested both the iOS and Android apps. Some of the exploits were basic, like using somebody’s first name and education history to find them on another platform — who among us has not gone incognito and then prescreened a date on LinkedIn — and confirm their real name. Others were trickier, like using an app’s location feature to trace where a user is swiping or messaging from by using dummy coordinates and monitoring how far a user appeared to have moved to pin down where they actually were. (This was a problem for six of the apps, including Tinder.) The Kaspersky team was also able to access information on which profiles users had looked at, messages Android users had sent, and even to log in to some profiles and send messages from user accounts. (That last one only applies to Mamba. Also, several of the exploits require the hacker to have a user’s phone on hand to be completed. Still, yeesh.)
At the end of their results — which you can read a full technical report on here — Kaspersky charted the stalking risk of each app, or how successful the team was in “finding the full name of the user, as well as their accounts in other social networks.” Happn and Paktor got a 100 percent score, while Bumble and Tinder clocked in at 50 percent and 60 percent, respectively. (The other apps received 0 percent scores.) The chart also marked which apps had vulnerable messaging systems. For that, Tinder, Bumble, OkCupid, Happn, Badoo, and WeChat were all in the “yes” column. Kaspersky said it has informed each company of its issues and offered some tips for using dating apps safely. Or, as safely as one can do anything online these days. “Our universal advice is to avoid public Wi-Fi access points, especially those that are not protected by a password, use a VPN, and install a security solution on your smartphone that can detect malware,” the report concludes. “Secondly, do not specify your place of work, or any other information that could identify you.”