If the app included an option to show your place of work, it was fairly easy to match the name of a user and their page on a social network.This in turn could allow criminals to gather much more data about the victim, track their movements, identify their circle of friends and acquaintances. Discovering a user’s profile on a social network also means other app restrictions, such as the ban on writing each other messages, can be circumvented.Most of the apps in our research are vulnerable when it comes to identifying user locations prior to an attack, although this threat has already been mentioned in several studies (for instance, here and here).We found that users of Tinder, Mamba, Zoosk, Happn, We Chat, and Paktor are particularly susceptible to this.In Happn for Android there is an additional search option: among the data about the users being viewed that the server sends to the application, there is the parameter fb_id – a specially generated identification number for the Facebook account.The app uses it to find out how many friends the user has in common on Facebook.
Even though the application doesn’t show in which direction, the location can be learned by moving around the victim and recording data about the distance to them.
We were interested in what could be intercepted if, for example, the user connects to an unprotected wireless network – to carry out an attack it’s sufficient for a cybercriminal to be on the same network.
Even if the Wi-Fi traffic is encrypted, it can still be intercepted on an access point if it’s controlled by a cybercriminal.
It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles.
But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process.