Tech
Bumble and Hinge stalkers could track users within two meters on dating apps, researchers say
In a frightening twist, researchers have found vulnerabilities in the design of dating apps Bumble and Hinge which could allow stalkers to pinpoint victims’ locations down to two meters.
Researchers from the KU Leuven University in Belgium found six dating apps had the same issue after analyzing 15 of the most popular.
In the published paper titled ‘Swipe Left for Identity Theft,’ the dating platforms are said to “allow for pinpointing a victim’s exact location, enabling physical threats to user’s personal safety.”
None of these apps explicitly share the exact location of potential suitors, but they do have location-based features. This is so people can find relevant matches within their area.
Through a process of oracle trilateration, where an attacker gauges three positions representing the location of the victim, the researchers found that Badoo, Bumble, Hinge, and Hily are all susceptible to this approach.
While this is worrying for anyone, the team reached out to the companies behind the apps and they changed how their distance filters work so they’re no longer vulnerable to the technique.
Dating apps to ‘expose’ sensitive data
These geo-location-based apps were also found in this research to “routinely expose personal data to other users.” This could include information that they’re not actually aware of.
A broad privacy analysis of user data risks was carried out too, with the findings pointing to the app’s UI exposing “large amounts of personal and sensitive data to even unsophisticated adversaries.
“While users may feel compelled to share such data, there is a particular risk when APIs leak data hidden in the UI as well as exact user locations, as users will not be aware that they are sharing this data, which can lead to additional harm.”
The paper concludes that “the apps’ privacy policies generally fail to inform users about these privacy threats and leave the burden of protecting personal (sensitive) data to the users.”
Image Credit: Via Ideogram