The top 30 online dating apps all have security flaws that puts the personal data of users at risk, a new study says.
Mobile app security company nVisium conducted an in-depth security study on the top 30 dating apps.
They found that 80% leak personal information to third party services, and that 70% have issues which allow a person’s actual identity to be revealed.
This week, Senator Al Franken’s Location Privacy Protection Act had its first hearings, which would require all companies to get permission before collecting and sharing location data.
nVisium say that all 30 of the top dating apps have at least one security loophole, with some worse offenders than others.
With the current proliferation of location-based dating apps, there have been recent instances where the location data of users was discoverable using simple methods.
IncludeSecurity found a vulnerability in Tinder that allowed them to pinpoint users’ exact locations, using triangulation.
nVisium’s study says that 100% of the apps they studied didn’t encrypt information before sending it across the internet, and 60% do not encrypt information at all.
Regarding user data, they found that 50% of the dating apps stored unencrypted user passwords and usernames on the device.
Last November, it was discovered by security researcher Brian Krebs that the information of 42m people was hacked from Australian dating company Cupid Media.
This was possible because of the lack of encryption, as all the information on the site was plaintext, and included names, email addresses, DOBs and passwords.
The mobile security company recommends turning off location sharing and advertisements, geolocation of photos, and setting a passcode on your device.
See the infographic below:
