Privacy flaw in top dating apps could have revealed user location down to 2 metres
6 of top 15 apps studied were found to contain the weakness
Researchers have identified a loophole which allowed for ‘trilateration’ in popular dating apps including Bumble, Hinge, Grindr, Happn, Badoo, and Hily.
The team from Belgium's KU Leuven University specifically used a technique known as oracle trilateration’ to pinpoint a user’s location down to two metres. This took a profile’s displayed location as a rough estimate, then by moving incrementally away in three different directions until the profile is out of range, revealed the exact location.
Trilateration is a technique used to determine an exact location using three points to gauge the distance to the object, then calculating the intersection to find the target location.
Dating app risks
Sensitive information being available to potentially malicious actors poses a threat to app users on multiple levels, researcher Karel Dhondt explained.
“Given that it's related to dating, which really gets to people's emotions and feelings, any privacy leaks or dangers are really exacerbated," Dhondt said, “If people are hurt, they may want to hurt back. That's why it's important that people's privacy and safety is well-maintained by these apps”.
Researchers also uncovered API (Application Programming Interface) leaks that could reveal personal data to an attacker, especially sensitive information such as user’s likes or preferences. All 15 apps studied were found to have some form of API leak.
A feature or a bug?
Most of the apps studied have since closed the gap and corrected this glitch by rounding the coordinates up by three decimal places to make them less precise. Grindr has allowed location sharing up to 111 metres, and explained that their location sharing practices are deliberate.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“For many of our users, Grindr is their only form of connection to the LGBTQ+ community, and the proximity Grindr offers to this community is paramount in providing the ability to interact with those closest to them,” Grindr’s Chief privacy officer Kelly Peterson Miranda stated.
It is worth noting that in countries where homoesexual activity is illegal, this practice could prove to be particularly serious. Grindr insists that users are in control of the location information they provide.
Via TechCrunch
More from TechRadar Pro
- Russian cybercriminals are hijacking domain names — with thousands of sites already taken over
- Stay safe with the best identity theft protection tools we've seen
- Downloaded something dodgy? Check out the best malware removal tools around
Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.