Most of the apps Kaspersky looked into transfer data to a server over an SSL-encrypted channel, but that’s not always the case.
The analytics model used in the Android version of Mamba does not encrypt data about the mobile device being used, while the iOS version transfers all data – including messages – unencrypted.
Credentials were encrypted although the decryption key was easily obtainable from the app itself.
Apps like Tinder, Bumble, OkCupid, Badoo, Happn and Paktor all store message history and user photos with their tokens, thus hackers with superuser access can easily view such confidential information.
Security researchers with Kaspersky Lab have disclosed that a number of popular dating apps are vulnerable to a variety of attacks that can reveal personal user details including full names, the name of your employer and even your location.
In four of the top nine online dating apps investigated (Tinder, Bumble, OkCupid, Badoo, Mamba, Zoosk, Happn, WeChat and Paktor), researchers were able to determine a user’s true identity based on data provided in profiles.
This can give a criminal access to social media account data for up to three weeks or so, Kaspersky said.
Tinder, Paktor, Bumble for Android and Badoo for iOS, meanwhile, upload photos via HTTP, which can allow an attacker to determine which profiles a potential victim is browsing.
Worse yet, researchers found that five of the nine apps were vulnerable to man-in-the-middle attacks because they did not verify certificate authenticity.
Should you want your dating profile to be somewhat anonymous, you need to be as vague as possible with regard to sharing details about yourself (save those for the first date, for example).
If there’s one thing to realize in this post-Snowden era, it’s that reasonable privacy shouldn’t really be expected.