Privacy breach in top dating apps could reveal user’s location from up to 2 meters away
Researchers have discovered a loophole that allows “trilateration” on popular dating apps including Bumble, Hinge, Grindr, Happn, Badoo and Hily.
The team from Belgium KU Leuven University specifically used a technique known as ‘oracle trilateration’ to determine a user’s location to within two meters. This took the displayed location of a profile as a rough estimate, and then by moving further away in three different directions until the profile was out of range, revealed the exact location.
Trilateration is a technique to determine an exact location using three points to measure the distance to the object. Then the intersection is calculated to find the target location.
Risks of dating apps
Sensitive information that is accessible to potentially malicious parties poses a threat to app users on multiple levels, explains researcher Karel Dhondt.
“Since it has to do with dating, which really touches on people’s emotions and feelings, privacy leaks or dangers are really exacerbated,” Dhondt said, “If people get hurt, they might want to hurt back. That’s why it’s important that people’s privacy and safety are well maintained by these apps.”
Researchers also discovered API (Application Programming Interface) leaks that could reveal personal information to an attacker, particularly sensitive information such as the user’s preferences or preferences. All 15 apps examined were found to have some form of API leak.
A feature or a bug?
Most of the apps we studied have since closed the gap and corrected the glitch by rounding coordinates to three decimal places to make them less accurate. Grindr has allowed location sharing up to 111 meters, explaining that its location sharing practices are intentional.
“For many of our users, Grindr is the only way to connect with the LGBTQ+ community. The proximity that Grindr provides to this community is paramount in providing the opportunity to communicate with those closest to them,” said Kelly Peterson Miranda, Chief Privacy Officer at Grindr.
It is worth noting that in countries where homosexual activity is illegal, this practice can prove particularly serious. Grindr insists that users have control over the location data they provide.
Through TechCrunch