A bevy of mobile dating apps including the infamous Tinder, have vulnerabilities that could reveal a user’s messages and the people they have viewed in the apps.
Researchers from security firm Kaspersky Lab found that it was very easy to effectively online stalk Tinder, Bumble and Happn users due to the amount of information the apps display about their users, such as jobs and education, as well as linking to easily accessed Instagram accounts.
With this data, the researchers found that in 60% of cases, they were able to find a user’s social media profile on sites such as Facebook and LinkedIn, which reveal the person’s full or real name.
Furthermore, stalkers with a bit of technical nous and plenty of time on their hands can use location based apps like Tinder and Happn to work out a user’s exact location.
“Even though the application doesn’t show in which direction, the location can be learned by moving around the victim and recording data about the distance to them,” the researchers explained.
“This method is quite laborious, though the services themselves simplify the task: an attacker can remain in one place, while feeding fake coordinates to a service, each time receiving data about the distance to the profile owner.”
But more alarming still is that in a clutch of dating apps data flowing between them and the social media sites they connect to in order to authenticate user’s, mainly Facebook, is vulnerable to interception.
Authentication tokens from Facebook can be stolen by hackers and used to gain access to the victim’s dating app account. From there the hackers can access messages and other user-specific content and activities.
“In addition, almost all the apps store photos of other users in the smartphone’s memory. This is because apps use standard methods to open web pages: the system caches photos that can be opened. With access to the cache folder, you can find out which profiles the user has viewed,” the researchers added.
This situation isn’t helped with some of the apps found to be transmitting unencrypted sensitive data, for example Mamba transmits message data in an unencrypted format.
Kaspersky Lab has alerted the app makers, who should move to fix the vulnerabilities, but in the meantime the researchers suggest users of dating apps don’t put their job or place of work on their profiles and avoid unsecured public Wi-Fi networks.
Read more at http://www.trustedreviews.com/news/tinder-dating-app-vulnerabilities-3316880#qjUSEmfdGvSiQSGq.99