With a growing step taken everyday towards digitization and a rush in the sales of Smartphones and IOS, Indian youngsters are now giving a chance to the online dating apps to make them fall in love. Online dating apps have revolutionized the way people connect with others, and new platforms are emerging and evolving at an unbelievable speed – each designed to offer a simple way to find love in the present era.
But the question that arises is that are these online dating apps safe for a relationship?
Are people really falling in love or falling a prey to cyber criminals?
Kaspersky Lab and research firm B2B International recently conducted a survey and found that as many as one-in- three people are dating online. People turn to online dating for a variety of reasons- 48% do it for fun, while some look for more meaningful relationships and one-in- ten are simply looking for sex (13%). People share information with others too easily when they are dating online, with a quarter (25%) admitting they share their full name publicly on their dating profile. One-in-ten have shared their home address, and the same number has shared naked photos of themselves this way, exposing them to risk. But how carefully do these online dating apps handle such data? Kaspersky Lab decided to put them through their security paces.
Potential threats of online dating apps
Kaspersky Lab experts studied the best online dating apps (Tinder, Bumble, OkCupid, Badoo, Mamba, Zoosk, Happn, WeChat, Paktor), and identified the main threats for users. The developers were informed in advance about all the vulnerabilities detected. Some were fixed, and others were slated for correction in the near future. However, not every developer promised to patch all of the flaws.
Threat 1 – Who you are?
The researchers discovered that four of the nine apps they investigated allow potential criminals to figure out who’s hiding behind a nickname based on data provided by users themselves. For example, Tinder, Happn, and Bumble let anyone see a user’s specified place of work or study. Using this information, it’s possible to find their social media accounts and discover their real names. Happn, in particular, uses Facebook accounts for data exchange with the server. With minimal effort, anyone can find out the names and surnames of Happn users and other info from their Facebook profiles.
Threat 2 – Where are you?
If someone wants to know your whereabouts, six of the nine apps will lend a hand. Only OkCupid, Bumble, and Badoo keep user location data under lock and key. All of the other apps indicate the distance between you and the person you’re interested in. By moving around and logging data about the distance between the two of you, it’s easy to determine the exact location of the “prey.”
Threat 3 – Unprotected data transfer
Most apps transfer data to the server over an SSL-encrypted channel, but there are exceptions. As the researchers found out, one of the most insecure apps in this respect is Mamba. The analytics module used in the Android version does not encrypt data about the device (model, serial number, etc.), and the iOS version connects to the server over HTTP and transfers all data unencrypted (and thus unprotected), messages included. Such data is not only viewable, but also modifiable. For example, it’s possible for a third party to change “How’s it going?” into a request for money.
Also Read: A Guide to Dating Terms for 21st Century
Threat 4 – Man-in-the-middle (MITM) attack
Almost all online dating apps servers use the HTTPS protocol, which means that, by checking certificate authenticity, one can shield against MITM attacks, in which the victim’s traffic passes through a rogue server on its way to the bona fide one. The researchers installed a fake certificate to find out if the apps would check its authenticity; if they didn’t, they were in effect facilitating spying on other people’s traffic. It turned out that most apps (five out of nine) are vulnerable to MITM attacks because they do not verify the authenticity of certificates.
Threat 5 – Superuser rights
Regardless of the exact kind of data the app stores on the device, such data can be accessed with superuser rights. This concerns only Android-based devices; malware able to gain root access in iOS is a rarity. The result of the analysis is less than encouraging: Eight of the nine applications for Android are ready to provide too much information to cybercriminals with superuser access rights. As such, the researchers were able to get authorization tokens for social media from almost all of the apps in question. The credentials were encrypted, but the decryption key was easily extractable from the app itself.Tinder, Bumble, OkCupid, Badoo, Happn, and Paktor all store messaging history and photos of users together with their tokens. Thus, the holder of superuser access privileges can easily access confidential information.
The study showed that many online dating apps do not handle users’ sensitive data with sufficient care. That’s no reason not to use such services – you simply need to understand the issues and, where possible, minimize the risks.
Using a VPN
Installing security solutions on all of your devices
Sharing information with strangers only on a need-to-know basis
Adding your social media accounts to your public profile in a dating app; giving your real name, surname, place of work
Disclosing your e-mail address, be it your personal or work e-mail
Using dating sites on unprotected Wi-Fi networks
So if you are using any one of these online dating apps, be sure that you are SAFE!
With inputs from ANI