How safe is your personal data in dating apps? Researchers at KU Leuven have uncovered several security risks, such as data leaks of sensitive information and exact locations.

KU Leuven investigated the privacy security of popular location-based dating (LBD) apps, including Tinder, Grindr and Bumble. It uncovered several security risks, such as the leakage of sensitive information and users’ exact locations. Moreover, they could easily access this data even without extensive IT knowledge. People with bad intentions can use this data for phishing, identity theft or even stalking. KU Leuven shared these findings with the app makers, who immediately implemented security updates.

Personal information

Users of dating apps share a lot of personal information such as name, age, exact location, but also telephone number or sexual orientation in order to find the perfect partner. Some of this information is mandatory to enter in the app, while for other information you can decide for yourself whether to make it public or not.

The DistriNet research group at KU Leuven investigated how safe this personal data really is in location-based dating (LBD) apps. To do this, they examined fifteen popular LBDs, including Tinder, Grindr and Bumble. Using their self-created accounts, they were able to find out how quickly and easily they could access this personal data.

No match

This research shows that dating apps and privacy do not mix. Some of these findings show that the internet traffic of all apps exposed usage data and sensitive information such as gender and sexual orientation. In addition, six of the fifteen apps exposed detailed location data.

“The personal and sensitive data we were able to expose through simple means is worth its weight in gold to people with bad intentions, who could be both acquaintances close to you and complete strangers,” says researcher Victor Le Pochat. “Exposing personal information leaves users vulnerable to online manipulation through phishing or identity theft. Combining this with sensitive data such as a person’s sexual orientation and location can lead to physical dangers such as stalking or sexual assault, or even state persecution, as has already happened against LGBTQ users in Egypt.”

Closing a security gap

KU Leuven shared these findings with app makers, who quickly took action to plug these leaks. More specifically, KU Leuven researchers recommended hiding all profile data by default, requiring users to consciously choose to make it public. In addition, adjustments were made to hide exact user locations.