A new study reveals the alarming privacy risks associated with popular dating apps. Learn how these apps collect and share your data and how to protect yourself.
Dating apps have become essential for people looking for a date or partner. When users create a profile, they enter a lot of personal data, which they share with people who are still strangers. Apps often indicate your location or the distance between you and your potential match. Some information you share intentionally. But other data you share without wanting to.
This data can often be easily uncovered by someone with bad intentions and some knowledge of IT. KU Leuven’s DistriNet research unit examined the fifteen most popular location-based dating apps (LBD). They discovered safety risks, including sensitive data leaks and exact user locations. They presented their findings to the app developers, and most of them have tried to better protect their data.
Location-based dating apps (LBD) allow users to get to know more people in their area. Users can scroll or swipe through profiles and, based on the personal data people share, decide whether they want to get to know the person behind the profile. Users share much personal and sensitive information with the app to allow the algorithm to predict good matches. But how safe is your data on the app? And are you always aware of what you share with others?
The personal and sensitive data we were able to uncover using simple methods are seen as very valuable by people with bad intentions.
Victor Le Pochat, computer scientist at KU Leuven
The KU Leuven research team selected the fifteen most downloaded LBD apps in the Google Play Store and examined them. This includes apps like Tinder, Badoo, Grindr, and Bumble… The researchers analyzed the data that users share based on three categories: personal data (name, age, nationality, phone number, place of residence…), sensitive data (political views, religion, alcohol use, sexual orientation…), and app usage data (time of last use, received likes, which type of relationship you are looking for…).
Some of this data is visible in the apps (sometimes even mandatory), some should always remain invisible, and for other information, you decide whether to share it or not. Users are assumed to know they are sharing this data. However, the apps are linked to the internet, and in this internet traffic, more data is shared than most users realize.
Also Read: Why Your Data Strategy Matters Now More Than Ever
All apps leak data
‘We have intensively studied the internet traffic of the apps,’ says researcher Karel Dhondt. ‘First, we uncovered the data from other users that the apps receive from the servers, which was not all that hard to do for someone with a bit of computer knowledge. In the second stage, we actively adapted that data traffic to see whether it would reveal more information. We had a well-considered approach: we only used the built-in functionalities of the apps, so we did not hack the servers, and we only used profiles that we created ourselves, so we would not uncover data from real users.’
The study’s results were clear: all apps leaked personal and sensitive user data.
- The internet traffic of all apps leaked usage data and sensitive data like gender and sexual orientation.
- By changing the data traffic, the researchers could see users’ age and gender preferences.
- Six out of fifteen of the most popular LBD apps also leaked detailed location data that allowed the researchers to find a user’s almost exact location.
- There is a great difference in the number of fields you can fill in in the different apps. The apps included in the study had between 9 and 23 information fields to fill in, up to half of these being sensitive data fields. A higher number of fields led to a higher risk of leaks.
- The most popular app, Tinder, asks for a relatively small amount of personal data and protects the user’s location data well. This shows that an app doesn’t have to ask for a lot of data to be popular.
‘There are real risks,’ says researcher Victor Le Pochat. ‘The personal and sensitive data we uncovered using simple methods are seen as very valuable by people with bad intentions. These might be people from your neighborhood or strangers. Uncovering personal data can make users vulnerable to online manipulation through phishing or identity theft. Suppose you combine this with sensitive data like sexual orientation and someone’s location. In that case, this can result in risks of physical danger, like stalking or assault or even state persecution, which already occurred in Egypt for LGBTQ users.’
The researchers found that the privacy policy users must accept does not adequately inform users about these risks and places final responsibility on the users. The researchers call for apps to hide all profile data as a standard setting, so users must consciously choose what they want others to see. They have shared the results of their research with the app makers, and most of them quickly made the necessary adaptations to stop these leaks, including the leaks of exact user locations.
Also Read: New CIO? Break Silos for Success
Time for a date with your data
Even if most apps have made the necessary adaptations, this research shows again that you should be cautious with your personal and sensitive data. The researchers share three tips:
- Be conscious about what you share. What you can see on other users’ profiles is what they can also see on yours. Do not share unnecessary information that can be sensitive, like your employer or political views.
- Do not trust the settings of dating apps to hide data from others. Everything you share with a dating app is saved to its servers and can, knowingly or unknowingly, be shared with others now or in the future.
- Use your smartphone’s built-in settings to protect your location data. Consider sharing only an estimated location, and adjust your phone’s settings so that you have to permit to share your location every time you open a dating app.
