Researchers have identified a loophole that allows for “trilateration” in popular dating apps including Bumble, Hinge, Grindr, Happn, Badoo and Hily.
Specifically, the Belgian team from KU Leuven University used a technique known as “oracle trilateration” to determine a user’s location to within two meters. To do this, they took the location shown on the profile as a rough estimate, then gradually moved away in three different directions until the profile was out of range, which revealed the exact location.
Trilateration is a technique used to determine an exact location by using three points to measure the distance to the object and then calculating the intersection to find the target location.
Risks of dating apps
Sensitive information available to potentially malicious actors poses a threat to app users on multiple levels, researcher Karel Dhondt explained.
“Because it’s related to dating, which really touches on people’s emotions and feelings, any privacy leak or danger is really exacerbated,” Dhondt said. “If people feel hurt, they may want to hurt people back. That’s why it’s important for these apps to keep people’s privacy and security well maintained.”
Researchers also discovered API (application programming interface) leaks that could reveal personal data to an attacker, especially sensitive information such as user tastes or preferences. All 15 apps studied were found to have some form of API leak.
A feature or a bug?
Most of the apps studied have closed the loophole and corrected this flaw by rounding coordinates to three decimal places to make them less precise. Grindr has allowed location sharing up to 111 meters and explained that its location sharing practices are deliberate.
“For many of our users, Grindr is their only way to connect with the LGBTQ+ community, and the proximity Grindr offers to this community is essential to providing the ability to interact with those closest to them,” said Grindr’s Chief Privacy Officer Kelly Peterson Miranda.
It should be noted that in countries where homosexual activity is illegal, this practice could be particularly serious. Grindr insists that users have control over the location information they provide.
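The rounding fix described above, sketched as an added example (not code from the researchers or from any of the apps): coordinates are rounded to three decimal places on the server before any distance is computed, so every position inside one rounding cell produces the same answer. The function names and coordinates are constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000  # mean Earth radius in meters

def coarsen(lat, lon, decimals=3):
    """Round a coordinate pair server-side, before it is stored or compared."""
    return (round(lat, decimals), round(lon, decimals))

def haversine_m(a, b):
    """Great-circle distance in meters between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def cell_size_m(lat, decimals=3):
    """(north-south, east-west) size in meters of one rounding cell."""
    step = 10 ** -decimals
    ns = haversine_m((lat, 0.0), (lat + step, 0.0))
    ew = haversine_m((lat, 0.0), (lat, step))  # shrinks with cos(latitude)
    return ns, ew

def reported_distance_m(viewer, target, decimals=3):
    """Distance the API exposes: derived only from coarsened inputs."""
    return haversine_m(coarsen(*viewer, decimals), coarsen(*target, decimals))

# Constructed sample positions: two different true locations that fall
# into the same three-decimal cell, plus one viewer elsewhere.
TARGET_A = (50.87912, 4.70043)
TARGET_B = (50.87948, 4.70012)
VIEWER = (50.88262, 4.70471)

if __name__ == "__main__":
    ns, ew = cell_size_m(TARGET_A[0])
    print(f"cell size at this latitude: {ns:.1f} m x {ew:.1f} m")
    print(f"true separation A-B: {haversine_m(TARGET_A, TARGET_B):.1f} m")
    # Identical output for A and B: the distance answer carries no
    # information about where inside the cell the target really is.
    print(f"reported to A: {reported_distance_m(VIEWER, TARGET_A):.1f} m")
    print(f"reported to B: {reported_distance_m(VIEWER, TARGET_B):.1f} m")
```

The rounding only helps if it is applied before the distance or in-range decision is computed; rounding just the value shown in the response would leave the underlying answer dependent on the precise position.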
Via TechCrunch