From robot companions to AI choosing the perfect partner, technology has become permanently entwined with dating and finding love, especially after a year and a half of lockdown that made digital connections the only type possible.
To understand the security implications of this trend, Kaspersky researchers conducted an in-depth study of nine popular dating apps to assess how safe they were.
What they found was that, when compared to their previous research in 2017, dating apps have become safer from a technical standpoint, particularly when it comes to the transfer of data.
However, these apps still pose a significant risk when it comes to exposing too much personal information about users — leaving the former vulnerable to threats like cyberstalking and doxing.
Meeting the love of your life at a party seems like a thing of the past with online dating experiencing a major boom — not in the least thanks to the pandemic.
Tinder reached a record 3 billion swipes in a single day in March 2020, while OkCupid experienced a massive 700% increase in dates from March to May that same year.
Amidst this growing popularity, Kaspersky decided to replicate its research from 2017 into the dating app landscape to see what’s improved and what hasn’t in terms of their security.
For their research, Kaspersky analysed nine popular and highly rated dating apps with global user bases: Tinder, Bumble, OkCupid, Mamba, Pure, Feeld, Her, Happn, and Badoo.
What they found was that, when compared to 2017, while dating apps have become safer from a technical standpoint, major privacy risks remain.
In 2017, four of the apps studied made it possible to intercept data sent from the app, and many used the unencrypted HTTP protocol.
However, in 2021, the situation has significantly improved. None of the apps studied use HTTP, and no data is sent if the protocol is not secure.
That said, significant privacy concerns remain with dating apps. Most dating apps allow users to register their account with one of their social networking sites (Instagram, Facebook, Spotify, etc.).
If the user chooses to do this, then their profile is automatically populated with information from that social networking site, such as photos and profile information.
Users are also invited to share information such as their place of work or university. All of the aforementioned data makes it easy to find dating app users’ social media accounts, and depending on their privacy settings on those accounts, a host of other personal information.
In addition, apps like Happn, Her, Bumble, and Tinder make it obligatory for users to share their location. Some apps, like Mamba, share the distance of users to the nearest meter.
Happn has an additional functionality that lets users see how many times and in what locations their matches have crossed paths with them.
Access to data such as users’ location, place of work, name, contact information, etc., leaves them vulnerable to cyberstalking or even physical stalking, as well as doxing (whereby previously private information is made public in order to shame or harm the victim).
What’s more, Mamba is the only application that lets users blur their photos for free, and Pure is the only one that prohibits users from taking screenshots of chats. This makes it possible for users to have their chats and photos shared without their permission, potentially for blackmail purposes or doxing.
However, many apps have been adding paid versions, and these include additional choices – often choices that can enhance users’ security. For example, in the paid versions of Tinder and Bumble, you can manually choose your location to a specific region.
Since only a region is available rather than a specific distance, it’s much harder to determine a user’s exact location. And some paid versions of apps, like Happn, offer users an “incognito mode”, whereby users can hide their profile from those they haven’t swiped right on and strangers.
“It’s always challenging to find a balance between building a digital presence and maintaining your privacy online, and the shift to online dating creates yet another area where users have to determine the best way for them to forge connections while protecting their security.
Thankfully, what we’ve seen over the past few years is that dating apps are moving in the right direction, letting users connect more safely. They’re working to keep the data secure, and, in the paid versions of many of the apps, users can do things like manually specify their location or blur their photos.
Hopefully, in the future, these options will be available in all apps for free. The best thing users can do to stay safe is to be careful about the data they’re sharing about themselves, both on their dating profiles and in conversations,” comments the Security Expert at Kaspersky, Tatyana Shishkova.
When it comes to the future of dating apps, Kaspersky has several predictions – and hopes – particularly when it comes to their security, such as the use of AI to protect users from fraud and the creation of verified accounts. You can discover these and more predictions about the future of dating and love, as well as submit your own through the Earth 2050 project.
You can also learn more about the security of dating apps on Securelist.
To say safe when using dating apps, Kaspersky experts recommend the following:
- Do not share too much personal information (last name, employer, photos with friends, political views, etc.) in your profile.
- Do not tie other social media accounts to your profile.
- Select your location manually, if possible.
- Use two-factor authentication, if possible.
- Delete or hide your profile if you are no longer using the app.
- Use the built-in messenger in dating apps. It’s better to move to other messengers only if you trust your match. If you finally decide to do so, set up the chat in a way that keeps your private info secured.
You should also use a trusted security solution on your devices, such as Kaspersky Security Cloud.
It will help you detect any malicious or suspicious activity across your gadgets, as well as check the security of the URL that you’re visiting.