Dating apps: the kiss of death for personal data!

In today’s digital world, it’s perfectly acceptable to find the love of your life on a dating app. We can no longer even keep track of all these types of applications on the market: Tinder, Meetic, Happn, Grindr, Badoo and many more. This practice, although now commonplace, is not without its dangers. Indeed, the security of personal data is still a major problem for dating apps.

The basic shortcomings of these companies are to blame, whether it involves the security of its networks or the servers used. This type of security needs to be a priority because once hacking takes place, personal data along with message content will be the first to be exposed.


An imperfect match?

The most troubling type of situation is the malicious use of personal information by others. The biggest risk is, in fact, the person behind the screen: whether they’re your “match” or not, they have your personal data.

According to a study conducted by UFC Que Choisir in November 2018, 18% of the 1,892 respondents admitted to having been victims of an attempted extorsion on a dating site.

All it takes is for apps like Tinder to link your account to your various social networks to create a gateway for cyber stalkers. Even if this doesn’t pose a problem for the people you meet (your “matches”), it turns out that too many people have access to it. With one click, you can view and comment on a person’s account on another social network, whether you’ve had previous contact with them or not.

Experts often highlight the fact that users can gather enough information on a person via the application to find them on Facebook and LinkedIn or even get their email address.

Worse, we are noticing an increase in reverse searches on Google Images in order to find a person through photos posted on social media. Indeed, this tool is particularly capable of identifying Facebook profile photos.

According to Le Monde, applications with fewer than 10 million users receive between 200 and 300 reports per day of inappropriate behavior from the users of these platforms.


Tinder, Badoo, WeChat in the crosshairs of hackers

There’s nothing more to see between Meetic, pioneer of the dating site, and new applications like Tinder or Happn, who’ve managed to combine the latest technological trends for serving up the “perfect match“.

At the forefront, we see geolocation. Through geolocation, applications allow members to identify each other when they are nearby, without giving away the position of the other. Nevertheless, a user armed with a bit of technical know-how can send false coordinates and find out where the other user is. As already explained, Tinder and Happn, in addition to Zoosk and Wechat, are applications that are more vulnerable to this type of invasion of privacy.

Second problem: the absence of encryption between phones and the servers on which member data is stored. The majority of applications use an HTTPS (HyperText Transfer Protocol Secure), a secure and encrypted method for transmitting data.

However, until the end of 2017, the Android version of the Tinder app and the iOS version of Badoo were still using the http protocol, which is a protocol that’s much more vulnerable on public WiFi networks which, as you’ll recall, are not always secure. It remains to be seen whether these systems have changed or if they’re still outdated…


Trouble for Grindr

The Grindr app is incidentally the first application to have used geolocation technology on smartphones for facilitating meet-ups. In 2018, a scandal exploded around this dating app which is geared toward gay people. Third-party companies had access to users’ private data, including HIV status. Users have the option to share their blood test results on the app.

The Norwegian firm, SINTEF, discovered it was possible to identify users through a cross-referencing of data. For the company, this represents a violation of privacy laws. Grindr has since stopped sharing data with partner companies.

In 60% of cases, information provided on applications are enough to identify users on social networking sites like Facebook or LinkedIn, and to obtain their full names (Kapersky Lab).


Exchanging unencrypted data

At the end of 2018, the German collective, Tactical Tech, obtained the public profiles of millions of people registered on dating sites and applications like Tinder and Meetic for only €136 from USDate. This data included names, email address, age, profession and user descriptions.

The most unbelievable part was that USDate sells this information legally. The data sold is part of the so-called “public” information on profiles. Owners implicitly give approval for its diffusion when they accept the terms of use. By contrast, personal messages are not intended to be private data.

According to an investigation by our colleagues at BFM TV, any internet user can help themselves to the data of 143,000 French men and 33,000 French women for €76 and €45, respectively.

Before trying to find your soul mate, preserve yourself!

If the internet is recognized as presenting a major risk for the preservation of personal data, we can only recommend using the utmost caution on dating apps and sites. We leave you with some advice for protecting yourself from the various types of hacking and/or the malicious use of your account on these types of apps:

  • Avoid connecting over public WiFi (and in particular, networks that are not password protected).
  • Be careful what you share on applications. To the extent possible, avoid linking your social media accounts to your dating apps.

The French journalist, Judith Duportail, asked Tinder for access to her personal data in 2017. The application granted her request by sending 800 pages of 1,700 messages exchanged over the three years she was registered.  Everything was carefully recorded, including the places and dates of her 920 connections.

Last but not least, if you wish to encrypt your data, use a VPN to connect to the internet.


To read: IoT: must we choose between data and security?