December 08, 2021
907
0Online Dating and Security: How to Keep Privacy in Dating Apps
Popular online dating apps allow you to find a soulmate – and potentially reveal your personal photos, phone numbers, and even location to hackers, scammers, and maniacs.
Today, we will talk about online dating and security issues and consider the pitfalls of dating apps, how they threaten users, and how to protect personal data.
Full guide on user protection in social media apps here.
*Spoiler: Most dating apps listed in this article are not safe to use. If you want to find like-minded people and friends, register in the Utopia P2P ecosystem, and communicate in channels of interest.
Online dating and security: Popular dating apps
Tinder, OkCupid, Bumble, Mamba, Pure, Happn, and Feels are the most popular dating apps. Each of them has more than 100 million downloads in the Google Play Store and App Store, as well as millions of comments from users.
To work with each of these services, the user must register in the application, create a personal account, fill out the questionnaire, and upload photos. It would seem like nothing complicated, but only for those who do not think about the safety of their personal data.
Earlier, Kaspersky Lab experts checked the most popular dating apps and found how vulnerable they are to user information security. Tinder, Mamba, and Happn services were among the first test subjects on the list.
Online dating and security threats
#1: You’ve been noticed
If someone wants to find your location, most dating services will provide them with such an opportunity.
Tinder reveals only the approximate location and shows the distance to a user in kilometers. However, a stranger can quickly determine exactly where the “victim” is by moving around and recording geodata.
If you are pathologically afraid of stalkers, it is better not to register in Happn. The service shows how many meters separate you from another person and notifies users when their paths intersect.
#2: Insecure connection
Most applications transmit data to the server over the SSL protocol. This is the most secure type of communication that uses authentication capabilities and information encryption to preserve user privacy, but there are exceptions to the rules.
One of the most insecure services is Mamba. According to experts, in 2017 the Android version of the application did not encrypt device data (model, serial number, and so on), and the iOS version transmitted data over the unsecured HTTP protocol.
So far, the company has not explained whether the programmers managed to correct the flaws. But cybersecurity experts note that due to this, third parties could view users’ photos and messages and change their content.
Tinder for Android uses HTTP only to upload photos, allowing hackers to find out which profiles their potential victim is viewing.
#3: Social networks are moving away to scammers
The protection of dating services is powerless against such hacker attacks as man-in-the-middle (MITM). With the help of clever computer manipulations, the hacker creates a double server that gets in the way of your data while they are transferred to the original site. In this way they can view any photos or videos, listen to any audio, and read any text messages that you send.
Unfortunately, dating apps are not protected from such intrusion, which is bad news for users. Since almost all services require you to register via social networks, a hacker gets access to your pages there with the help of MITM.
Getting in the way of information, the programmer becomes the owner of a temporary key for authorization in your account, and for two to three weeks can use your Facebook, Instagram, etc. as their own.
Learn more about various network attacks here.
#4: Superhacker has superuser rights
Regardless of what data is stored on your smartphone, you can access it with superuser rights, or root rights. Root is the account of the main administrator in the Android operating system. With root access, you can change and delete system files, edit system settings, and the like.
Research has shown that Tinder and Happn are ready to provide third parties with access to superuser rights on your device. Thus, through dating apps, experts obtained authorization keys for social networks from all the listed services. The account information was encrypted, but the decryption data was easily extracted from the applications themselves.
iOS users were luckier — Apple’s system is almost impossible to hack in this way.
#5: The enemy from the next room
Do not forget that the interest in romantic correspondence of ordinary users often arises from their loved ones. For example, your presence on Tinder may interest your wife or boyfriend so much that they decide to install a keylogger on your smartphone.
This software or device will record your actions with your phone or computer — from pressing keys to mouse movements. This is how a person can learn your usernames and passwords (especially if they are in the running for worst person of the year).
Another way they could get your passwords is to contact a hacker directly. Offers of such services can be found even in popular social networks on the request “help to hack.”
The best methods to create a strong password are here.
How to protect matches and swipes
There are several ways to protect your personal data, photos, and correspondence and avoid disclosing your identity in the dating service account. The first danger in working with dating apps is that they invite users to synchronize their accounts with pages on social networks (Facebook, Instagram.)
As soon as the service gets access to your profile on an outside site, it has the opportunity to learn a little more about you and add details to your dating account. It may tell other users where you live, work, study, how old you are, and even pull up your childhood photos.
First, think about editing your profile on social networks. Even if your real name and place of study are the only published information, this information is easy to use to find you on other sites, for example on job search pages, where your resume and a lot of details about your personal life are presented.
It is even easier to find you by email, so if possible do not publish the address of your online mailbox.
The best emails to use to forget about data leaks.
Secondly, never upload the same photos to apps and dating sites that you already use on social networks. If the pictures match, then even the Google search engine will be able to give a link to your account to an outsider.
Thirdly, keep your phone number secret until the last. If the conversation on Tinder goes well, users exchange numbers for closer communication in the end. At this point it will be down to luck or fate, because the interlocutor will be able to find your pages on social networks if they are linked to the number.
Fourth, do not forget to check your location settings. In the end, you will still have to disclose where you are, but it will be better if the process becomes controlled. For example, disable the GPS tracking function in your smartphone’s options and prohibit websites and applications from detecting your address in the background.
Fifth, you should not hide information about yourself in one application, while all information about you is available in another. Using several dating sites and services at once increases your chances of finding a soulmate but threatens personal safety. Do not forget to monitor each of your dating profiles and make sure that they all tell potential partners only as much as you think is necessary.
Finally, just use complex passwords, carefully monitor whether your phone has fallen into the hands of other people (even very close ones). It may be better to buy an additional SIM card; if the hacker is your soulmate, you will have to hide like a real spy.
