
Popular dating apps are leaking location data on over 10 million users

By nanoguy
Aug 13, 2019 at 3:56 PM
  1. We've known for a while now that online dating apps aren't nearly as anonymous as we might think, and that's mostly a product of how much information we're voluntarily giving them. That's why attackers see these as goldmines where they can probe for personal user details such as the name of your employer, your address, and your current location among other things.

    It turns out the most popular dating apps have a vulnerability in official mobile APIs that allows malicious actors to get access to the location data gathered by the apps for convenience purposes. An important thing to note here is that all that's needed to exploit this flaw is the username.

    The problem was uncovered by security research firm Pen Test Partners, who were able to demonstrate an attack tool that exposed sensitive user information about where users live, socialize, and work in near real-time. The apps that are vulnerable to this attack are Romeo, Grindr, 3Fun and Recon, and the potential userbase that is at risk amounts to 10 million users.

    "Many of these apps return an ordered list of profiles, often with distances in the app UI itself," says one of the researchers. "By supplying spoofed locations (latitude and longitude) it is possible to retrieve the distances to these profiles from multiple points, and then triangulate or trilaterate the data to return the precise location of that person."

    The researchers notified the makers of the four dating apps, and the responses were mixed. Romeo explained that its app has a feature that allows you to give out a nearby location instead of the exact one, but this isn't enabled by default. Recon says it's rolling out a similar fix that reduces the precision of location data using "snap to grid."

    Grindr offered no response, presumably because they previously explained to the researchers that the app's location data can be compared to a "square on an atlas". Unfortunately, Pen Test Partners tested that claim and found the location data to be very precise, and were able to "pinpoint our test accounts down to a house or building."

    Apparently, group dating app 3Fun was the most vulnerable of the four. Researchers said it not only leaked the locations of its users, but also their chat data, pictures, and sexual preferences among other things. They first published their analysis on the app last week, when they described it as a "train wreck."

    The report highlights the need for Google and Apple to build less precise location APIs for dating apps and for developers to use a snap-to-grid approach that reduces the precision of location data. The two tech giants are already removing dating apps that allow underage users, but it's important to be aware that some apps might not be able to protect your personal data even after you've turned on all the privacy settings.

    Permalink to story.
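The snap-to-grid mitigation mentioned in the article, sketched as an added example (not code from TechSpot, Pen Test Partners or any of the apps named). The 1 km cell size, the function names and the coordinates are assumptions. Every distance the server reports is measured to the centre of the target's grid cell, so probing from many points can recover the cell but nothing finer.

```python
import math

EARTH_RADIUS_M = 6_371_000
M_PER_DEG_LAT = 111_320  # approximate metres per degree of latitude


def snap_to_grid(lat, lon, cell_m=1000):
    """Return the centre of the grid cell that contains (lat, lon)."""
    lat_step = cell_m / M_PER_DEG_LAT
    row_lat = (math.floor(lat / lat_step) + 0.5) * lat_step
    # A degree of longitude shrinks towards the poles, so size the columns
    # from the row's centre latitude; every point in a row shares them.
    cos_lat = max(math.cos(math.radians(row_lat)), 0.01)
    lon_step = cell_m / (M_PER_DEG_LAT * cos_lat)
    col_lon = (math.floor(lon / lon_step) + 0.5) * lon_step
    return row_lat, col_lon


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def reported_distance_m(viewer, target, cell_m=1000):
    """Distance an API would expose: measured to the target's cell centre,
    rounded to whole cells, and never less than one cell."""
    d = haversine_m(viewer, snap_to_grid(*target, cell_m))
    return max(cell_m, round(d / cell_m) * cell_m)


if __name__ == "__main__":
    # Constructed sample data: two users in the same 1 km cell and one
    # viewer a few kilometres away. Both lines print the same distance.
    user_a = (52.0000, 12.9900)
    user_b = (52.0020, 12.9950)
    viewer = (52.0500, 13.1000)
    print(reported_distance_m(viewer, user_a))
    print(reported_distance_m(viewer, user_b))
```

The cell size sets the trade-off: larger cells hide more but make the "nearby" ordering coarser.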

  2. dogofwars

    Not too complicated, have a nice "triangle" over your position, once you know the direction you can pinpoint the town and then rinse and repeat until you get close to "zero". What they do to prevent that is in the type of request; after all, there is a finite number of requests you can do in a certain amount of time to make it logical, nobody can teleport yet. Though you could do that with multiple accounts to prevent the locking of the request, etc.
