Blog

Dating Apps: Riskier Than You Might Think 

march 12, 2021 | internet privacy
women with laptop and phone

If you spent Valentine's Day 2021 alone—as an increased number of us did during the pandemic—did you consider signing up for a dating app? Whether you swipe left or right--everyone knows someone who found true love on eHarmony, OKCupid, Tinder or another app. New apps debut regularly as others drift into obscurity. It's a lot to keep up with, and that makes the tasks facing singles very significant. You could wind up facing public exposure you won't enjoy.

Don't go looking for love in all the wrong places. Brush up on the most significant risks—data leaks, privacy limits, identity compromise and even the likelihood that your data is being sold to businesses before you leap.

The Data Heist

Have you been asked to provide a copy of your driver's license to establish an account with one of these apps? Maybe a passport or other photo ID? According to The Mozilla Foundation's latest "Privacy Not Included" report, some go way beyond data neutral into the grabby category. Released just before Valentine's Day, the report calls out 21 of 24 dating apps for presenting significant privacy issues.

Plenty of Fish received abysmal marks from Mozilla. The authors wrote, "This dating app asks users provide a whole lot of personal information when you sign up--everything from ethnicity and whether you smoke to if you own a vehicle and if your parents were married (seriously, they ask for that!). That's a whole lot of personal information you're giving a company that has a recent history of leaking personal data and may share with third parties."

The app's management, Match Group, also owns over 45 other dating sites, including Tinder, OK Cupid and Hinge. Yes, users should expect a whole lotta sharing going on. You really must read that privacy policy.

Privacy Issues Abound

Dating apps often encourage users to share photos. Last year, a pair of security researchers tripped over an unsecured data bucket in the cloud that involved multiple dating apps. Their discoveries available on vpnMentor.com warned such unsecured data could lead to "Fraud, doxing, blackmail, extortion, viral attack, and hacking." Whew.

A cluster of dating apps identified included Gay Daddy Bear, SugarD, Herpes Dating, CougarD and 3somes. A common developer evidently designed all the apps and poorly protecting an Amazon Web Services account. (DJ link here to David's piece on cloud security being posted shortly).

Over 20 million files exposed contained explicit photos, audio recordings and financial transactions, to name just a few.

"Privacy Not Included" also brings the bad news about dating apps. "Not going to sugar coat this: Grindr is a horrible dating app for user privacy and security. Of all the dating apps we reviewed, Grindr is the worst of the worst. They're so bad, in fact, the Norwegian Data Protection Authority recently fined them $11.7 million for illegally sharing private, personal information with advertising companies," the report said. 

Besides, Grindr still shares user location data with third parties, according to Mozilla research. Note that some dating apps make user location the focus of their entire offering. It’s risky.

Even Christian Mingle received a poor review due to overboard permission requests, according to the research team. "The app asks for control of your phone's flashlight and the ability to disable your lock screen. That just feels a bit creepy."  

Mozilla's report lavished kudos on just a few apps, including Lex. "Built for the lesbian, queer, trans, and non-binary community, this dating app collects minimal data, and doesn't share it for marketing purposes. Further, their privacy policy is crystal clear. eHarmony is another app that respects users' privacy and security."

Ashley Madison Leaks

Some folks might object to including Ashley Madison's notorious hack in an article on dating apps. It's not geared toward singles; the website bills itself as the place to launch extramarital affairs with the slogan "Life is Short. Have an Affair."  Yet, there are major lessons to learn from this disaster. 

A hacker collective grabbed details on 32 million account users and 7 years of credit card data in 2015 and then threatened to drop those account details online. They followed up on that threat, and email addresses in the millions were exposed—including some that gave experts pause. Thousands of government employees used their work email addresses to create accounts! 

Publicity surrounding this breach was ruinous for many users; numerous divorces and several suicides followed in its wake. It begs the question, "Are you ready to have your private life make headlines in the news?" If not, don't make a move until you consider each app's privacy precautions. 

Blaze A Smarter Path

An estimated half of all dating program users report some difficulties or concerns. Threats come from many directions—a stalker, am identity thief, data leaks, a person who misrepresented themselves, even phishing emails. If you’re highly active online, you could double your risk of experiencing an IT incident too. Keep your guard up.

When building your profile, put some effort into it. Do not opt to pull over Facebook account data or info from another online presence. Not advisable. Take time to consider what you really want to share with a prospective date. Or not share.

Fake dating profiles present another risk--one that delivers malware on some devices. Security researchers in 2019 saw a rash of these foul deeds, with Tinder receiving the lion's share. Fakes are probably the user's biggest concern about dating apps. Watch out for any pop-up that requests administrator permissions for the entire device. Your banking data is perhaps in their crosshairs; do not grant administrative rights without an in-depth review of the requester and whether they need total access. Most absolutely do not.

Be alert to potential romance scamstoo. Dating websites often connect con artists to new targets. Watch out for outrageous claims that could be flat-out lies. An estimated 1 in 2 app users lies on their profiles, according to several reports. 

Do not overshare. That means no full names or home addresses on a profile or shared with potential matches until well into a dating venture—ditto for details of where you're grabbing dinner this evening.

Ask questions of the provider. How is your data protected? Do they encrypt? What happens to identity documents like that license used to confirm you are who you say you are? Can you delete your files thoroughly later? How and with whom do they share your personal details? Most of all, will users be able to see where you work, work out or kick back. That's more detail than you should share—especially on a first date.

Reach out to IDShield for help monitoring your personal data. It’s what we do, and we do it very well. Let us monitor your Social Security number, your address, driver’s license number, and so much more to protect you from data abuse.

IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage and conditions, please see www.idshield.com. All Licensed Private Investigators are licensed in the state of Oklahoma. This is not intended to be legal advice. Please contact an attorney for legal advice or assistance. If you are a LegalShield member, you should contact your Provider Law Firm.

Learn more about protecting yourself against Identity Theft