Saturday, April 26, 2025
Latest:
  • Loading stock data...
FeaturedNewsUncategorised

Dating Apps Responds After Belgium Researchers Swipe Right To Expose Data Leaks In New Study

Arike Idris

Popular dating apps have spoken out following data leak findings in a recent research study about user data privacy. 

Security researchers at KU Leuven University recently published a report analysing 15 popular location-based dating platforms (LBD) on prevailing privacy or security risk that users may face when using the app. 

These brands consist of key players from well-known corporations like Bumble Inc and Match Group, as well as in certain continental regions. The following apps included in the report are Bumble, Tinder, Grindr, Hinge, Plenty of Fish, Badoo, OkCupid, Happn, MeetMe, Jaumo, TanTan, Hily, Tagged, Meetic, and LOVOO.

Systematic analysis reported the 15 apps “routinely exposed” personal data to others users. Findings also revealed Application Programming Interface (API) leaks data hidden in the User Interface (UI) of several apps, notably Tinder, Hily, and Tagged. Researchers additionally stated apps’ privacy policies generally fail to inform users about these privacy threats and leave the burden of protecting personal (sensitive) data to the users. 

The report noted: “Through a systematic analysis of 15 popular LBD apps, we find that they routinely expose personal data to other users. 

“While users may feel compelled to share such data, there is a particular risk when APIs leak data hidden in the UI as well as exact user locations, as users will not be aware that they are sharing this data, which can lead to additional harm. 

“Additionally, the apps’ privacy policies generally fail to inform users about these privacy threats and leave the burden of protecting personal (sensitive) data to the users.”

The study was published online by one of the authors Victor Le Pochat earlier this year. However, the postdoctoral researcher, along with fellow research author Karel Dhondt, are expected to present the findings at the Black Hat USA 2024 conference in Las Vegas on August 8.

Global Dating Insights has contacted all brands mentioned as well as their associated corporations and PR agencies for comment. 

Bumble Inc. (Bumble and Badoo)

A Bumble Inc spokesperson said: “As a global business with members in countries all over the world, we are committed to protecting our users’ privacy and have adopted a global approach to privacy compliance. We apply the high standards of the GDPR globally to the processing of all our personal data, in addition to any applicable region-specific laws.

“Supported by our dedicated privacy team and independent data Protection Officer, we enable our users to manage their data and strive to ensure transparency regarding the use of their data.”

Grindr

In a detailed statement, Grindr chief privacy officer Kelly Peterson Miranda summarised: “Your personal information is just that—personal. And in a world where data is so valuable, you need to know that yours is in safe hands. We use advanced security measures to protect your data, and we prioritize data minimization, focusing on collecting what is needed to make Grindr work and give you the best, curated experience.

“Every day, we’re working to create a space where you can authentically connect with others and explore the queer world around you—without worrying about your privacy or safety. We know those are real concerns, and that’s why we remain fully committed to protecting your data and providing you with an industry-leading platform where you can make meaningful connections and express yourself freely.”

Hily

A Hily spokesperson said: “When our team saw this study, we immediately contacted the authors and implemented changes according to their recommendations to protect against precise geolocation. I want to note that determining exact coordinates was almost impossible before.

“Now, we can assert that it is impossible (except in small towns with very few people, where everyone knows each other personally). As for the data in the API responses, this is not private information, and all this information can already be found in the application.”

LOVOO

LOVOO senior manager PR & corporate communications Hannes Wolf said: “The safety of our users and their personal data is of utmost priority to us. That’s why we have implemented a variety of security processes and are steadily developing further  product enhancements to keep our members and their personal data safe. 

“We are aware of the results of the report and take them very seriously. Currently, we are reviewing whether these findings, which generally seem to be based on an older web/app version, apply to our current offering. If any issue should be detected, we will resolve it as quickly as possible. 

“Having said that, we understand that the report suggests that LOVOO in most categories has performed above industry average in the areas researched. This includes the mentioned protection of personal locations of our users. 

“LOVOO was not among the apps that allow exact location determination of their users. We offer the option of profile validation on a voluntary basis which helps to make sure that registered users are using a photo of themselves as their profile picture. This safety measure is based on a photo ID process which complies with current industry standards.”

MeetMe

A MeetMe spokesperson said: “At MeetMe, nothing is more important to us than the safety of our members. We’ve implemented a variety of industry-first practices and product enhancements to help keep our members safe.  

We are aware of this report and take any security risk seriously. In the event that an issue is detected, we work to resolve it as quickly as possible to ensure our members can continue to enjoy their experience safely on our platform.” 

Jaumo

Jaumo founder and CEO Jens Kammerer said: “We have reviewed the article “Swipe Left for Identity Theft: An Analysis of User Data Privacy Risks on Location-based Dating Apps” from the Belgian researchers.

“At Jaumo, we take user privacy very seriously and are committed to ensuring the highest data protection standards. In light of the findings, we are already addressing these issues. We will update our API to ensure it fully respects user privacy and prevents unintended data leaks, such as when a visitor has not filled out those fields. We appreciate your patience as we work on these improvements.”

Global Dating Insights is part of the Industry Insights Group. Registered in the UK. Company No: 14395769