SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Threats of stalking and doxing still loom on dating apps
Thu, 1st Jul 2021
FYI, this story is more than a year old

While dating apps have become safer, they still pose significant risk to users, leaving them vulnerable to threats including cyberstalking and doxing.

That's the conclusion from a new report from cybersecurity firm Kaspersky, after researchers conducted an in-depth study of nine popular dating apps to assess how safe they were.

Meeting the love of your life at a party seems like a thing of the past with online dating experiencing a major boom—not in the least thanks to the pandemic. Tinder reached a record 3 billion swipes in a single day in March 2020, while OkCupid experienced a massive 700% increase in dates from March to May that same year.

Amidst this growing popularity, Kaspersky decided to replicate its research from 2017 into the dating app landscape to see what's improved and what hasn't in terms of their security.

For their research, Kaspersky analysed nine popular and highly rated dating apps with global user bases: Tinder, Bumble, OkCupid, Mamba, Pure, Feeld, Her, Happn, and Badoo. What they found was that, when compared to 2017, while dating apps have become safer from a technical standpoint, major privacy risks remain.

In 2017, four of the apps studied made it possible to intercept data sent from the app, and many used the unencrypted HTTP protocol. However, in 2021, the situation has significantly improved. None of the apps studied use HTTP, and no data is sent if the protocol is not secure.

That said, significant privacy concerns remain with dating apps. Most dating apps allow users to register their account with one of their social networking sites (Instagram, Facebook, Spotify, etc.). If the user chooses to do this, then their profile is automatically populated with information from that social networking site, such as photos and profile information.

Users are also invited to share information such as their place of work or university. All of the aforementioned data makes it easy to find dating app users' social media accounts, and depending on their privacy settings on those accounts, a host of other personal information.

In addition, apps like Happn, Her, Bumble, and Tinder make it obligatory for users to share their location. Some apps, like Mamba, share the distance of users to the nearest meter. Happn has an additional functionality that lets users see how many times and in what locations their matches have crossed paths with them.

Access to data such as users' location, place of work, name, contact information, etc., leaves them vulnerable to cyberstalking or even physical stalking, as well as doxing (whereby previously private information is made public in order to shame or harm the victim).

What's more, Mamba is the only application that lets users blur their photos for free, and Pure is the only one that prohibits users from taking screenshots of chats. This makes it possible for users to have their chats and photos shared without their permission, potentially for blackmail purposes or doxing.

However, many apps have been adding paid versions, and these include additional choices—often choices that can enhance users' security. For example, in the paid versions of Tindr and Bumble, you can manually choose your location to a specific region. Since only a region is available rather than a specific distance, it's much harder to determine a user's exact location. And some paid versions of apps, like Happn, offer users an “incognito mode”, whereby users can hide their profile from those they haven't swiped right on and strangers.

“It's always challenging to find a balance between building a digital presence and maintaining your privacy online, and the shift to online dating creates yet another area where users have to determine the best way for them to forge connections while protecting their security," says Tatyana Shishkova, security expert at Kaspersky.

"Thankfully, what we've seen over the past few years is that dating apps are moving in the right direction, letting users connect more safely.

"They're working to keep the data secure, and, in the paid versions of many of the apps, users can do things like manually specify their location or blur their photos," she says.

"Hopefully, in the future, these options will be available in all apps for free. The best thing users can do to stay safe is to be careful about the data they're sharing about themselves, both on their dating profiles and in conversations."

To say safe when using dating apps, Kaspersky experts recommend the following:

•       Do not share too much personal information (last name, employer, photos with friends, political views, etc) in your profile

•       Do not tie other social media accounts to your profile

•       Select your location manually, if possible

•       Use two-factor authentication, if possible

•       Delete or hide your profile if you are no longer using the app

•       Use the built-in messenger in dating apps. It's better to move to other messengers only if you trust your match. If you finally decide to do so, set up the chat in way that keeps your private info secured.

•       Use a trusted security solution on your devices, such as Kaspersky Security Cloud. It will help you detect any malicious or suspicious activity across your gadgets, as well as check the security of the URL that you're visiting.