Dating apps may not be as safe as you think they are

Josephine John Mumbai | Updated on January 23, 2018 Published on August 04, 2015


None of the popular apps completely hacker-proof, finds survey by security scanner Appvigil

 If you thought the hacking incident that compromised user details on dating app Ashley Madison was a one-off event, you could be wrong. A survey done by Android security scanner Appvigil of popular dating applications, including Tinder, Grindr, TrulyMadly, MeetMe and Desicrush, has revealed that these platforms have vulnerabilities and can be hacked into.  

 The report, which was exclusively done for BusinessLine, mentions that the vulnerabilities offer an easy path for hackers to tread.

 These include possibility of malware infection, bugs and multiple loopholes that allow hackers to snoop into personal chats. This could also lead to instances where a user liking a profile picture could be hijacked to like another person’s picture. Together, these apps have about 51 million users.

“It is shocking to see the security results, especially in a country like India when users are exploring new opportunities such as dating apps and companion services. Maximum security is something the application should assure its users,” said Toshendra Sharma, founder of Wegilant. Appvigil is a cloud-based security app scanner developed by Wegilant, a start-up incubated by IIT-Mumbai. 

In July, hackers broke into Canada-based dating website Ashley Madison and threatened to reveal personal data such as sexual fantasies, nude images, real names of customers and their credit card details.

According to the Appvigil report, almost all applications scanned had a ‘weak message digest’, which makes user authentication easy to crack. Further, most of them also had ‘missing broadcaster permissions’, making the application easy to be launched from another application.

The report said that none of the applications was “completely secure” against mobile security vulnerabilities and suggested that all the dating application companies need to reassess their security levels.

According to Sachin Bhatia, co-founder of TrulyMadly, “We have a few freelance ethical hackers who run regular checks on the application for loopholes. Our application also regularly warns and notifies users from entering confidential data on the app.”

Also, he said issues like JavaScript Injection and Frame Header pointed out by Appvigil are possible only on the website, and the company hasn’t put much effort to sort them out as the firm is moving into mobile-based apps.

Tinder did not respond to specific questions raised by BusinessLine, but said it could comment only after seeing the Appvigil report. Other dating apps did not respond. 

Published on August 04, 2015
This article is closed for comments.
Please Email the Editor