Popular Dating Apps Pose Data Leak Risks for Russians
Russians who use mobile dating apps may become easy targets for cybercriminals. This conclusion was reached by experts from the cybersecurity company “Rostelecom-Solar,” a subsidiary of Rostelecom, after analyzing the security of popular dating applications.
During the study, specialists tested 12 of the most popular dating apps among Russian users (both Android and iOS versions), including Tinder, Badoo, LovePlanet, Mamba, Fotostrana, Topface, DrugVokrug, MyFriends, Galaxy, [email protected], Teamo, and Hitwe. Each of these apps had at least 1 million downloads.
To analyze the app code, researchers used their proprietary tool, Solar appScreener. By counting the number of vulnerabilities and errors and assessing the overall security level, the experts assigned each app a certain number of points. The average security rating of the analyzed apps was 2.2 out of 5.
iOS Apps Show Lower Security Scores
It turned out that iOS apps received the lowest scores. The highest scores went to Hitwe, LovePlanet, and Galaxy (1, 0.7, and 0.6 points out of a possible 5, respectively). The iOS version of TopFace contained numerous vulnerabilities, earning it a score of 0.0. Popular services Tinder and Badoo barely scored 0.5 points each.
The most common issue among iPhone apps was an unreliable hashing algorithm. More than 50% of the services studied also used weak encryption, making them vulnerable to brute-force attacks. However, researchers noted that vulnerabilities in the apps are somewhat offset by the security of iOS itself. For example, before an app is published in the App Store, it must pass multiple checks.
Android Apps: Security Leaders and Laggards
According to the study, the most secure Android versions were Teamo and Fotostrana, each scoring 3.2 points. The most vulnerable apps were MyFriends, TopFace, and LovePlanet (1.9, 2, and 2.1 points, respectively). The Android versions of Badoo and Tinder matched the marketβs average security level (2.9 and 2.6 out of 5).
The main security issue with Android versions was the presence of a hardcoded encryption key, found in 10 out of the 12 apps analyzed.