You share more than you know: dating apps and privacy are not always a good match

Popular dating apps introduce tighter data security measures in response to KU Leuven research

Dating apps have become an essential tool for people who are looking for a date or partner. When users create a profile, they enter a lot of personal data which they share with people who are still strangers at that point. Apps often give an indication of your location or the distance between you and your potential match. Some information you share intentionally. But other data you share without wanting to. This data can often easily be uncovered by someone with bad intentions and some knowledge of IT. Researchers from KU Leuven's DistriNet research unit examined the fifteen most popular location-based dating apps (LBD). They discovered various safety risks, including leaks of sensitive data and exact user locations. They presented their findings to the app developers and most of them have made efforts towards better user data protection.

Location-based dating apps (LBD) allow users to get to know more people in their area. Users can scroll or swipe through profiles, and, based on the personal data people share, decide whether they want to get to know the person behind the profile. Users share a lot of personal and sensitive information with the app to allow the algorithm to predict good matches. But how safe is your personal data on the app? And are you always aware of what you share with others?

The personal and sensitive data we were able to uncover using simple methods are seen as very valuable by people with bad intentions.

^{Victor Le Pochat, computer scientist at KU Leuven}

The KU Leuven research team selected the fifteen most downloaded LBD apps in the Google Play Store and examined them. This includes apps like Tinder, Badoo, Grindr, Bumble... The researchers analysed the data that users share based on three categories: personal data (name, age, nationality, phone number, place of residence...), sensitive data (political view, religion, alcohol use, sexual orientation...), and app usage data (time of last use, received likes, which type of relationship you are looking for...).

Some of this data is visible in the apps (sometimes even mandatory), some should always remain invisible, and for other information, you decide whether to share it or not. Users are assumed to know they are sharing this data. But the apps are linked to the internet, and in this internet traffic, a lot more data is shared than most users realise.

All apps leak data

The results of the study were clear: all apps leaked personal and sensitive user data.

• The internet traffic of all apps leaked usage data and sensitive data like gender and sexual orientation.
• By making changes to the data traffic, the researchers could even see users' age and gender preferences.
• Six out of fifteen of the most popular LBD apps also leaked detailed location data that allowed the researchers to find a user's almost exact location.
• There is a great difference in the number of fields you can fill in in the different apps. The apps included in the study had between 9 and 23 information fields to fill in, up to half of these being sensitive data fields. A higher number of fields led to a higher risk of leaks.
• The most popular app, Tinder, asks for a relatively small amount of personal data and protects the user location data well. This shows that an app doesn't have to ask for a lot of data in order to be popular.

'There are real risks,' says researcher Victor Le Pochat. 'The personal and sensitive data we were able to uncover using simple methods are seen as very valuable by people with bad intentions. These might be people from your neighbourhood or complete strangers. Uncovering personal data can make users vulnerable to online manipulation through phishing or identity theft. If you combine this with sensitive data like sexual orientation and someone's location, this can result in risks of physical danger, like stalking or assault or even state persecution, which already occurred in Egypt for LGBTQ users.'

The researchers found that the privacy policy that users have to accept do not inform users about these risks enough and place final responsibility on the users. The researchers call for the apps to hide all profile data as a standard setting, so users have to make a conscious choice about what they want others to see. They have shared the results of their research with the app makers and most of them quickly made the necessary adaptations to stop these leaks, including the leak of exact user locations.

Public link

Please use the above public link if you want to share this noodl on another website.