The increasing use of mobile-based dating applications is putting millions of users at the risk of data leaks to third party software because of the weak and poor encryption structures of these applications, popularly called “apps”.
Use of popular dating apps like Tinder and Grindr, among many others, has put the personal data of their users, including their names, phone numbers, age and even device locations, at the risk of being leaked on internet and misused, mostly because of the weak and flawed security structures of such dating applications.
According to a research by Kaspersky Lab (one of the leading anti-virus companies in the world), some popular dating apps were found to be transmitting unencrypted user data over the insecure internet hypertext protocol, mainly to collect user data and store them in their servers for relevant advertising. However, in the process, the data was not being secured and such private data could be intercepted, modified and used in further attacks, leaving many users defenceless.
Some of these popular dating apps that have been examined have millions and some even billions of downloads across the world. According to reports, the popular dating app Tinder has been witnessing over 8.5 million swipes daily in India, while witnessing a growth of 1% every day.
A Kaspersky lab researcher told The Sunday Guardian, “We have examined logs and network traffic of applications in the internal Android Sandbox to uncover which applications transmit unencrypted user data to networks over the internet. We have identified a number of major domains, most of them part of popular advertising networks. The number of applications using these advertising networks totals several millions, with most of them transmitting at least one sensitive data like name, phone number, age, device location, IMEI number, in an unencrypted way.”
Researchers also say that the usage of third party codes to save time and reusing the existing functionality is also one of the major reasons for the low security feature of such apps, since the developers are not aware of the details of the codes, risking security features. This means that the intercepted data can also be modified and the application will show malicious ads instead of legitimate ones. Users will then be enticed to download a promoted application, which will turn out to be malware and put them at risk.
Shrenik Bhayani, General Manager, South Asia, Kaspersky Lab, told The Sunday Guardian, “The recent controversy between Facebook and Cambridge Analytica is a lesson for all of us when it comes to being cyber safe. We do not realise how grave a threat this is until we experience its consequences. The same thing happened when Facebook was not careful enough in the beginning to foresee the threats ahead. We are lucky that this data breach came to light as Facebook is a tech giant, and we can now learn to be more careful about what and how much to share online, which apps or third party developers we are granting permission to access our data and save ourselves from identity theft. The point that needs to be noted from this incident is that if a tech giant like Facebook is vulnerable to such data breaches, then how can we ensure that our personal data is not being misused by cyber criminals, be it on such dating apps or financial payment apps? At the time of stepping into digitisation, we cannot afford to be vulnerable.”
Cyber experts have cautioned users to check the permissions they have been granting to apps they are using on their smartphones. They have also said that most apps do not require access to device location and other such permissions being asked from time to time.