Bumble and Grindr were among those discovered to have security vulnerabilities that could leak an individual’s precise location
Are run clubs the new dating sites now? The jury is still out but it could be for the better. Why? Run club enthusiasts get to improve their health while also getting the chance to meet new people. And, they also might not have to deal with security risks associated with location-based dating apps.
A recently published academic paper from Belgian university KU Leuven titled, “Swipe Left for Identity Theft: An Analysis of User Data Privacy Risks on Location-based Dating Apps,” assessed the 15 most popular location-based dating apps, including Tinder, Bumble, Grindr, Hinge, OkCupid, and MeetMe.
According to the study, users can ascertain the specific location of an individual on the platform using data the app willingly provides.
Dating apps and location-sharing
Yes, dating apps in general pair users with one another based on location by prioritizing the ones nearest to them. Exact distances and places of residence are typically kept vague yet these could be used to approximate locations, whether or not a user is actively displaying theirs.
How? Trilateration, which in layman’s terms, is the process of estimating a specific location by comparing its proximity to three different points.
But how does this apply to dating apps?
The study explains that users can use location markers a dating app provides to hone in on a target. For example, if a stalker is roughly 1.5 km away from a user, they can physically move to a different area—whether it be nearer or farther—to find additional references they can use to compute the meeting points of those locations.
Security measures and personal settings
It also wouldn’t matter if a dating app only showed what city a target resided in (or even if a user has hidden their location) as several platforms utilize filters to indicate the minimum distance allowed for a user to be shown in a feed.
“The attacker then incrementally moves themselves until the [distance filter] indicates that the victim is no longer within proximity, and this for three different directions. The attacker now has three positions with a known exact distance, i.e., the preselected proximity distance, and can trilaterate the victim.”
The study records dating apps Grindr, Badoo, Bumble, Hinge, Hily, and Happn were among those with recorded vulnerabilities, while Tinder and Lovoo did not.