\n
![](\"https:\/\/readwrite.com\/wp-content\/uploads\/2024\/07\/0K-zFt-KRM6nRFPaVywuZA-900x561.jpeg\")
<\/p>\n [ad_1]
\n<\/p>\n
In a frightening twist, researchers have found vulnerabilities in the design of dating apps Bumble and Hinge which could allow stalkers to pinpoint victims\u2019 locations down to two meters.<\/p>\n
Researchers from the KU Leuven University in Belgium found six dating apps had the same issue after analyzing 15 of the most popular.<\/p>\n
In the published paper titled \u2018Swipe Left for Identity Theft,\u2019 the dating platforms<\/a> are said to \u201callow for pinpointing a victim\u2019s exact location, enabling physical threats to user\u2019s personal safety.\u201d<\/p>\n None of these apps explicitly share the exact location of potential suitors, but they do have location-based features. This is so people can find relevant matches within their area.<\/p>\n Through a process of oracle trilateration, where an attacker gauges three positions representing the location of the victim, the researchers found that Badoo, Bumble, Hinge, and Hily<\/a> are all susceptible to this approach.<\/p>\n While this is worrying for anyone, the team reached out to the companies behind the apps and they changed how their distance filters work so they\u2019re no longer vulnerable to the technique.<\/p>\n These geo-location-based apps were also found in this research to \u201croutinely expose personal data to other users.\u201d This could include information that they\u2019re not actually aware of.<\/p>\n A broad privacy analysis of user data risks was carried out too, with the findings pointing to the app\u2019s UI exposing \u201clarge amounts of personal and sensitive data to even unsophisticated adversaries.<\/p>\n \u201cWhile users may feel compelled to share such data, there is a particular risk when APIs leak data hidden in the UI as well as exact user locations, as users will not be aware that they are sharing this data, which can lead to additional harm.\u201d<\/p>\n The paper concludes that \u201cthe apps\u2019 privacy policies generally fail to inform users about these privacy threats and leave the burden of protecting personal (sensitive) data to the users.\u201d<\/p>\nDating apps to \u2018expose\u2019 sensitive data<\/b><\/h2>\n