Dating Apps Expose Exact Locations Due to Breach

Dating apps have experienced a security breach that allowed users to locate the exact position of others, according to a study by Belgian university KU Leuven.

The study examined 15 dating apps, including Badoo, Bumble, Grindr, Happn, Hinge, Hily, and Tinder. It identified flaws in the filtering functions of these apps, which allow users to customize their matchmaking based on criteria such as age, height, relationship type, and distance. The vulnerability detected enabled any user with malicious intent to pinpoint the location of other users, even at distances as close as two meters.

The technique used to exploit this vulnerability is called "oracle trilateration". This method involves moving in different directions from a reference point to estimate a person's location. Although it does not provide the exact GPS coordinates, the technique allows for determining a user’s location within a delimited area with sufficient accuracy for identification.

After being informed by the researchers, the platforms began implementing changes to their filtering systems to address the detected weaknesses, as reported by Wired. This included disabling the oracle trilateration technique that allowed the precise location of users.

"While privacy policies acknowledge personal data processing, and a tension exists between app functionality and user privacy, significant data privacy risks remain," the study states . "We recommend user control, data minimization, and API hardening as countermeasures to protect users' privacy."