The IBM study revealed that many of these dating apps have access to additional features on mobile devices such as the camera, microphone, storage, GPS location and mobile wallet billing information, which in combination with the vulnerabilities may make them vulnerable to hackers.
Security researchers identified that 26 of the 41 dating apps they analysed on the Android mobile platform had either medium or high severity vulnerabilities. The analysis was based on apps available in the Google Play app store in October 2014. The vulnerabilities discovered by IBM Security make it possible for a hacker to gather valuable personal information about a user.
While some apps have privacy measures in place, the study found many are vulnerable to attacks that could lead to the following scenarios:
Dating apps used to download malware
Users let their guard down when they anticipate receiving interest from a potential date. That’s just the sort of moment hackers thrive on. Some of the more vulnerable apps could be reprogrammed by hackers to send an alert that asks users to click for an update or to retrieve a message that, in reality, is actually just a ploy to download malware onto their device.
GPS information used to track movements
IBM found 73 per cent of the 41 popular dating apps analysed have access to current and past GPS location information. Hackers can capture a user’s current and past GPS location information to find out where a user lives, works or spends most of their time.
Credit card numbers stolen from app
Some 48 per cent of the 41 popular dating apps analysed have access to a user’s billing information saved on their device. Through poor coding, an attacker could gain access to billing information saved on the device’s mobile wallet through vulnerability in the dating app and steal the information to make unauthorised purchases.
Remote control of a phone’s camera or microphone
All the vulnerabilities identified can allow a hacker to gain access to a phone’s camera or microphone even if the user is not logged into the app. This means an attacker can spy and eavesdrop on users or tap into confidential business meetings.
While the study discovered a number of vulnerabilities in over 60 per cent of popular Android dating apps, consumers can take steps to protect themselves against potential threats. Don’t divulge too much personal information on these sites such as where you work, your birthday or social media profiles until you’re comfortable with the person you are engaging with via the app. Other measures include using using unique passwords for every online account you have, updating apps when they become available, and using trusted Wi-Fi connections when on the app.