As such, the researchers were able to get authorization tokens for social media from almost all of the apps in question. The credentials were encrypted, but the decryption key was easily extractable from the app itself.

Searching for one’s destiny online — be it a lifelong relationship or a one-night stand — has been pretty common for quite some time. To find the ideal partner, users of such apps are ready to reveal their name, occupation, place of work, where they like to hang out, and lots more besides. Dating apps are often privy to things of a rather intimate nature, including the occasional nude photo. Kaspersky Lab decided to put them through their security paces.

It turned out that most apps (five out of nine) are vulnerable to MITM attacks because they do not verify the authenticity of certificates.
Our researchers discovered that four of the nine apps they investigated allow potential criminals to figure out who’s hiding behind a nickname based on data provided by users themselves.
This concerns only Android-based devices; malware able to gain root access in iOS is a rarity.
The result of the analysis is less than encouraging: Eight of the nine applications for Android are ready to provide too much information to cybercriminals with superuser access rights.
Tinder, Paktor, Bumble for Android, and Badoo for iOS also upload photos via HTTP, which allows an attacker to find out which profiles their potential victim is browsing.
When using the Android versions of Paktor, Badoo, and Zoosk, other details — for example, GPS data and device info — can end up in the wrong hands.