Six types of dating apps allowed users to pinpoint their exact location



Dating apps allow users to search for users based on their location, but they don't show the exact location of the person they're looking for. However, a research team from

the University of Leuven analyzed several dating apps and found that six of them were able to pinpoint the user's location.

Swipe Left for Identity Theft: An Analysis of User Data Privacy Risks on Location-based Dating Apps - dating-apps-usesec24.pdf
(PDF file) https://lepoch.at/files/dating-apps-usesec24.pdf

Bumble and Hinge allowed stalkers to pinpoint users' locations down to 2 meters, researchers say | TechCrunch
https://techcrunch.com/2024/07/31/bumble-and-hinge-allowed-stalkers-to-pinpoint-users-locations-down-to-2-meters-researchers-say/

The problem of 'being able to identify other users' location information on dating apps' was reported about 10 years ago. For example, in 2014, a problem was reported in Tinder where 'by analyzing the app's communications, it was possible to obtain accurate distance information between other users, and by obtaining and calculating distance information from three locations, it was possible to calculate accurate location information.'



The above problem has been found in multiple dating apps, and the developers of each app have made modifications to make it impossible to identify location information using the same method. However, according to the research team, it is still possible to obtain 'rough distance information from other users' on the LGBTQ dating app 'Grindr,' and narrow down the user's location to 111 meters square. In addition, although 'happn' displays a rounded value such as 'approximately ○ km' on the app, it seems that by analyzing the communication, it is possible to obtain the exact distance and identify the location information.

Furthermore, the research team discovered that even in apps that have been designed to address the above issues, location information can be identified by exploiting the 'search feature for users within XX km'. The specific steps for identifying location information are as follows: First, derive rough location information such as the area the target user lives in from the profile, and head to the surrounding area. Next, use the 'search feature for users within XX km' to confirm that the user is found in the search, and then move to another location. If you repeat the search while moving, at some point the target user will no longer be found in the search. That 'point where the search no longer appears' is the 'point XX km from the target user'. By repeating the same process in three places, the target user's location information can be calculated. The research team calls this location identification method 'oracle trilateration'.



According to the research team, the oracle trilateration was available on four dating apps: Badoo, Bumble, Hinge, and Hily. In addition, the oracle trilateration can pinpoint location information with a high accuracy of 2 meters square.

The research team has contacted the developers of the apps that were able to identify location information, and they have already made modifications such as 'reducing the accuracy of distance information.'

in Mobile,   Web Service,   Security, Posted by log1o_hf