Bad news for the increasing number of Americans who are finding their true love — or at least their date for the evening — on the various dating applications that comprise the mobile Web.
A recent analysis of the mobile Web’s top five dating apps by security systems developer SEWORKS indicates that all were vulnerable to hacking and full of exploitable holes that would make it relatively easy for data thieves to run off with users’ sensitive personal data.
Standout observations were that all of the deconstructing and hacking done by the team was managed with regularly available tools and that all of the apps were fairly easy to access.
“Of all the dating apps we analyzed, 100% were decompilable — a process that enables hackers to reverse engineer and compromise an app,” the report noted, before noting that none of the apps had any protections in place to prevent or even slow down decompiling. Moreover, the site’s source code was easily seen and available in plan-test.
“In some cases, this text contained hard-coded key values, website addresses, and other critical information that could allow hackers access to sensitive data.”
These vulnerabilities are serious, notes SEWORKS CEO Min Pyo Hong, and open dating apps and their users up to devastating security compromises.
“These vulnerabilities expose users to numerous potential threats, including ”Man in the middle” attacks that can intercept user-to-user messages and files (such as photos), theft of sensitive user data like user location and direct contact info, and the creation of repackaged, dummy versions of the official app surreptitiously published online to fool users into giving away everything. Hackers have already done this and more with Snapchat and a popular Chinese clone of Tinder. As more of us use dating apps, many more hacks are sure to follow.”