These days, mobile dating apps like Tinder, Bumble, and OkCupid are a common fixture on most home screens. Almost one-third of US adults have used a dating app or website. And, unfortunately, the privacy risks of using these apps are often overlooked when everyone’s busy looking for love.
Here are five privacy concerns everyone should consider when it comes to online dating apps.
Dating apps request a lot of sensitive data about users in order to build a profile. Yes, sexual orientation and gender identity, political and religious beliefs, drug and alcohol use, and ethnic background all count as sensitive information, which has its own special classification under the GDPR.
Sure, these are important things that a potential partner will want to know, but privacy legislation is well aware that the leakage or disclosure of this data to other parties outside of the app could expose a person to all kinds of threats to freedom and safety.
For example, app users located in countries with strict regulations around religion and politics may find themselves on a watchlist based on their disclosed affiliations. LGBTQ+ individuals may be at risk of arrest, blackmail, or being outed against their will to friends, family and discriminatory employers, threatening not only their financial situation but their personal safety as well.
To show potential matches nearby, most dating apps track user location through the device GPS and Wi-Fi. This data can be used to track a user’s movements and, potentially, pinpoint their home address. What’s more, app users themselves don’t need sophisticated means to track down other users, even with only sparing location data available.
This leaves individuals exposed to bad actors who would take advantage of this information, risking personal safety and privacy as they go about their daily lives.
The photos and videos sent through dating apps may not be as private as we think; many dating apps have been found to have security flaws and improper storage practices. In 2019, mobile security company Zimperium conducted a security audit of 28 popular dating apps and found that 25 failed to implement secure communications, while 23 didn’t have secure data storage.
Unfortunately, such vulnerabilities can leave people’s intimate photos and videos exposed. This was the case with dating app Jack’d, where private photos taken by users were found to have been hosted in a publicly accessible database through Amazon Web Services.
And if that’s not enough, consider that the photos you upload to your dating profile could also be used to create fake profiles to “catfish” other users by pretending to be you.
A common way for companies to monetise their free dating apps is to share data with third-party advertising companies. However, many companies have been called out for selling users’ personal data without their knowledge or consent. Just this year, three GDPR complaints were lodged against dating app Grindr for illegally sharing users’ GPS location, device identifiers, and other sensitive information with advertisement networks.
If you’re based in the US, you may be wondering what legal protections apply against the sale of personal information without consent. Well, at the time of this blog post, there isn’t a federal law in place yet, but the California Consumer Privacy Act (CCPA) currently enables Californian residents to request that a website or app does not sell their personal information.
Until similar protections come into law elsewhere in the country, American residents outside CA have their data up for sale. (And they can expect to receive more of those annoying targeted ads too!)
Dating apps are a treasure trove of data that can be used to extort and embarrass people, so it’s not surprising that they are a frequent target of cyberattacks. From the explosive Ashley Madison data breach of 2015 to last year’s spate of OkCupid account hijackings, we’ve learned it’s worth investigating the actual measures a dating website or app has put in place to protect your data.
None of that, of course, excuses app developers from keeping their users’ best interests at heart. Any failure on a company’s part to take data privacy and protection seriously could have significant and even dangerous real-world consequences for users. Caring about privacy isn’t just ethical business, it’s self-preservation too: learning from the mistakes of other dating apps could save companies millions of dollars in fines and lawsuits.