Employees using dating apps on their company phones could put sensitive corporate and personal data at risk, according to a new study.
IBM Security found that 60% of the Android dating apps they analysed were vulnerable to attacks from hackers.
Of the 41 Android apps IBM tested, 26 were found to have “medium or high severity vulnerabilities.”
The vulnerabilities identified on the apps included cross site scripting via man in the middle, debug flag enabled, weak random number generator and phishing via man in the middle.
IBM said if these vulnerabilities were exploited, an attacker could potentially use the mobile device to conduct attacks.
The flaws include false dating app messages being sent to the user, which installs malware on the smartphone, gaining access to the owner’s current and past GPS information.
IBM said 73% of the apps analysed required access to this location info.
They also found that 48% of the apps had access to user credit card information and mobile wallet data.
The security team also warned that hackers could potentially access your microphone and camera, in order to record business meetings, or personal conversations.
These were apps from the Google Play store in October 2014, and while IBM have not named them, they contacted each of the app makers, alerting them to the security flaws.
And their analysis stated that 50% of businesses had at least one employee with one of these at-risk dating apps installed on their phones.
IBM Security Vice President Caleb Barlow said: “Consumers need to be careful not to reveal too much personal information on these sites as they look to build a relationship.
“Some users may be engaged in a dangerous trade-off – with increased sharing resulting in decreased personal security and privacy.”
View more of their analysis in the infographic below, and find out more here.
