However, not every developer promised to patch all of the flaws.
Our researchers discovered that four of the nine apps they investigated allow potential criminals to figure out who’s hiding behind a nickname based on data provided by users themselves.
And if someone intercepts traffic from a personal device with Paktor installed, they might be surprised to learn that they can see the e-mail addresses of other app users.
It turns out that Happn and Paktor users can be identified on other social media 100% of the time, with a 60% success rate for Tinder and 50% for Bumble.
Happn, in particular, uses Facebook accounts for data exchange with the server.
With minimal effort, anyone can find out the names and surnames of Happn users and other info from their Facebook profiles.
This concerns only Android-based devices; malware able to gain root access in iOS is a rarity.
The result of the analysis is less than encouraging: Eight of the nine applications for Android are ready to provide too much information to cybercriminals with superuser access rights.
As our researchers found out, one of the most insecure apps in this respect is Mamba.
The analytics module used in the Android version does not encrypt data about the device (model, serial number, etc.), and the iOS version connects to the server over HTTP and transfers all data unencrypted (and thus unprotected), messages included.
Tinder, Bumble, OkCupid, Badoo, Happn, and Paktor all store messaging history and photos of users together with their tokens.
Thus, the holder of superuser access privileges can easily access confidential information.
Searching for one’s destiny online — be it a lifelong relationship or a one-night stand — has been pretty common for quite some time. To find the ideal partner, users of such apps are ready to reveal their name, occupation, place of work, where they like to hang out, and lots more besides.