Analysis of Privacy and Security Exposure in Mobile Dating Applications
Millions of people around the globe try to find their other half using Information and Communication Technologies. Although this goal could be partially sought in social networks, specialized applications have been developed for this very purpose. Dating applications and more precisely mobile dating applications are experiencing a continuous growth in the number of registered users worldwide. Thanks to the GPS and other sensors embedded in off-the-shelves mobile devices, dating mobile apps can provide location aware content, not only about the surroundings, but also about nearby users. Even if these applications have millions of registered users, it can hardly be said that they are using the best standards of security and privacy protection.
In this work we study some of the major dating applications and we report some of the risks to which their users are exposed to. Our findings indicate that a malicious user could easily obtain significant amounts of fine-grained personal information about users.
KeywordsUser profiling Location privacy Online social networks Security and privacy exposure
This work was supported by the European Commission under the Horizon 2020 Programme (H2020), as part of the OPERANDO project (Grant Agreement no. 653704) and is based upon work from COST Action CRYPTACUS, supported by COST (European Cooperation in Science and Technology).
Dr. Solanas is partly funded by La Caixa Foundation through project “SIMPATIC” RECERCAIXA’12, by the Government of Catalonia under grant 2014 SGR 537, and by the Spanish Ministry of Economy and Competitiveness under project “Co-Privacy”, TIN2011-27076-C03-01.
- 1.Cenzic, Application vulnerability trends report, Technical report (2014). http://www.cenzic.com/downloads/Cenzic_Vulnerability_Report_2014.pdf
- 2.Grace, M.C., Zhou, Y., Wang, Z., Jiang, X.: Systematic detection of capability leaks in stock android smartphones. In: 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA, 5–8 February 2012Google Scholar
- 3.Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: Pscout: analyzing the android permission specification. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 217–228. ACM (2012)Google Scholar
- 4.Beresford, A.R., Rice, A., Skehin, N., Sohan, R.: Mockdroid: trading privacy for application functionality on smartphones. In: Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, pp. 49–54. ACM (2011)Google Scholar
- 7.Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of android application security. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011, p. 21. USENIX Association, Berkeley (2011). http://dl.acm.org/citation.cfm?id=2028067.2028088
- 8.Egele, M., Kruegel, C., Kirda, E., Vigna, G.: Pios: detecting privacy leaks in iOS applications. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2011. The Internet Society, San Diego, 6th–9th February 2011Google Scholar
- 9.Wetherall, D., Choffnes, D., Greenstein, B., Han, S., Hornyack, P., Jung, J., Schechter, S., Wang, X.: Privacy revelations for web and mobile apps, p. 21 (2011)Google Scholar
- 10.Burattin, A., Cascavilla, G., Conti, M.: Socialspy: browsing (supposedly) hidden information in online social networks, CoRR abs/1406.3216. http://arxiv.org/abs/1406.3216
- 12.Narayanan, A., Thiagarajan, N., Lakhani, M., Hamburg, M., Boneh, D.: Location privacy via private proximity testing. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2011. The Internet Society, San Diego, 6th–9th February 2011Google Scholar
- 13.Fahl, S., Harbach, M., Muders, T., Baumgärtner, L., Freisleben, B., Smith, M.: Why eve and mallory love android: an analysis of android SSL (in)security. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 50–61. ACM, New York (2012)Google Scholar