Dating Apps Leak User Data, Risking Privacy and Safety
KU Leuven's Victor Le Pochat and Karel Dhondt on How API Vulnerabilities Expose PII
Dating apps' collection and potential leakage of exact location data present significant privacy risks. Users often reveal sensitive information, making them vulnerable to stalking, harassment or physical harm, said Victor Le Pochat, a postdoctoral researcher at KU Leuven, a Belgian research university.
Some apps "have the same vulnerabilities that Tinder had 10 years ago," Le Pochat said. "Of the 15 most popular dating apps that we looked at, all of the apps leaked data," said Karel Dhondt, a doctoral researcher at KU Leuven. "We found a staggering 99 data leaks."
Another significant concern is API vulnerabilities, where sensitive user information can be exposed due to poorly protected interfaces. While data minimization is an effective strategy, most apps do not take this approach, often prioritizing the collection and sale of user data, Dhondt said.
In this video interview with Information Security Media Group at Black Hat 2024, Le Pochat and Dhondt also discussed:
- The types of data exposed in leaks, including personally identifiable information and usage patterns;
- How secure coding practices and encryption reduce risks associated with dating apps;
- How grid snapping can reduce location data accuracy.
Le Pochat is a researcher in web security and privacy. His research areas include exploring large web ecosystems, web security research methodology and analyzing and improving current research methods.
Dhondt's research areas include secure software development, security and privacy of online location-based services, integrating security measures in software engineering practices to enhance the security posture of software applications, and web security and privacy.