Researchers have identified a loophole which allowed for ‘trilateration’ in popular dating apps including Bumble, Hinge, Grindr, Happn, Badoo, and Hily.
The team from Belgium's KU Leuven University specifically used a technique known as oracle trilateration’ to pinpoint a user’s location down to two metres. This took a profile’s displayed location as a rough estimate, then by moving incrementally away in three different directions until the profile is out of range, revealed the exact location.
Trilateration is a technique used to determine an exact location using three points to gauge the distance to the object, then calculating the intersection to find the target location.
Dating app risks
Sensitive information being available to potentially malicious actors poses a threat to app users on multiple levels, researcher Karel Dhondt explained.
“Given that it's related to dating, which really gets to people's emotions and feelings, any privacy leaks or dangers are really exacerbated," Dhondt said, “If people are hurt, they may want to hurt back. That's why it's important that people's privacy and safety is well-maintained by these apps”.
Researchers also uncovered API (Application Programming Interface) leaks that could reveal personal data to an attacker, especially sensitive information such as user’s likes or preferences. All 15 apps studied were found to have some form of API leak.
A feature or a bug?
Most of the apps studied have since closed the gap and corrected this glitch by rounding the coordinates up by three decimal places to make them less precise. Grindr has allowed location sharing up to 111 metres, and explained that their location sharing practices are deliberate.
“For many of our users, Grindr is their only form of connection to the LGBTQ+ community, and the proximity Grindr offers to this community is paramount in providing the ability to interact with those closest to them,” Grindr’s Chief privacy officer Kelly Peterson Miranda stated.
It is worth noting that in countries where homoesexual activity is illegal, this practice could prove to be particularly serious. Grindr insists that users are in control of the location information they provide.
Via TechCrunch
More from TechRadar Pro
- Russian cybercriminals are hijacking domain names — with thousands of sites already taken over
- Stay safe with the best identity theft protection tools we've seen
- Downloaded something dodgy? Check out the best malware removal tools around