Our experts studied the most popular mobile online dating apps (Tinder, Bumble, OkCupid, Badoo, Mamba, Zoosk, Happn, WeChat, Paktor), and identified the main threats for users.
We informed the developers in advance about all the vulnerabilities detected, and by the time this text was released some had already been fixed, and others were slated for correction in the near future.
This concerns only Android-based devices; malware able to gain root access in iOS is a rarity.
The result of the analysis is less than encouraging: Eight of the nine applications for Android are ready to provide too much information to cybercriminals with superuser access rights.
That’s actually the app’s main feature, as unbelievable as we find it.
Most apps transfer data to the server over an SSL-encrypted channel, but there are exceptions.
All of the other apps indicate the distance between you and the person you’re interested in.
By moving around and logging data about the distance between the two of you, it’s easy to determine the exact location of the “prey.”
Happn not only shows how many meters separate you from another user, but also the number of times your paths have intersected, making it even easier to track someone down.
Such data is not only viewable, but also modifiable.
For example, it’s possible for a third party to change “How’s it going?
Mamba is not the only app that lets you manage someone else’s account on the back of an insecure connection.
However, our researchers were able to intercept Zoosk data only when uploading new photos or videos — and following our notification, the developers promptly fixed the problem.
Tokens are valid for 2–3 weeks, throughout which time criminals have access to some of the victim’s social media account data in addition to full access to their profile on the dating app.
Regardless of the exact kind of data the app stores on the device, such data can be accessed with superuser rights.
However, not every developer promised to patch all of the flaws.