An estimated 25.1 million people used a dating app at least monthly in 2019, a 5.3% increase from the amount of users in 2018. While users may find love, they are also finding heartbreak in the form of leaked personal information and other security and privacy risks.
We investigated 14 of the leading mobile dating applications – based on popularity, downloads and user reviews – from a security and privacy perspective.
The results, based on our Advanced Application Analysis z3A technology, may have you breaking up with your dating app:
- 100% of iOS-based apps and 71% of Android-based apps failed to receive a passing privacy grade. This means things like private user data, unique device identifiers, SMS, communications, and data storage are all at risk.
- 100% of iOS-based apps and 93% of Android-based apps failed to receive a passing security grade. These risks include application capabilities, and critical vulnerabilities.
In addition, we tested the 28 apps (14 iOS and 14 Android) against The Open Web Application Security Project’s (OWASP) Mobile Top 10.
For those who may not know, OWASP is a worldwide not-for-profit charitable organization focused on improving the security of software. OWASP publishes a top 10 list of app development best practices applying to mobile apps.
When examined across all 28 apps, some interesting trends emerged. For example, the majority of apps are susceptible to attacks leveraging weaknesses highlighted by three tests (with a fourth just below a majority):
- 96% (27 apps) are vulnerable to reverse engineering.
- 89% (25 apps) fail to implement secure communications.
- 82% (23 apps) fail to implement secure storage.
- 50% (14 apps) are vulnerable to code tampering.
The full Security and Privacy Issues Found in Popular Dating Apps report provides a deep analysis of each of the 14 shopping apps. This is the fourth app-focused report we’ve produced. The first report looked at the top banking apps; the second one reviewed the leading travel apps; the third was about top shopping apps. For those wanting to hear insights from our researchers, webinars on all four reports are available.
Results in the report are anonymous; we reach out to each company to review the detailed report for its own app. As we continue with these reports and discuss these concerns with the companies in question, many of the security teams are unaware of the extent and severity of the issues in their apps.
The reality is, the security and privacy risks associated with these apps not only affect individual users, they can impact companies, organizations and government agencies. In one recent example, the United States Army recently banned our soldiers from using the viral app Tik Tok, because of security concerns.
Contact us to learn how we can help your company improve the security of your app.