When Harry Met Tinder: Security Analysis of Dating Apps on Android

Abstract

As the number of smartphone users has increased, so has the popularity of dating apps such as Tinder, Hinge, Grindr and Bumbler. At the same time, however, many users have growing privacy concerns about these applications disclosing their sensitive and private information to other service providers and/or strangers. This is particularly exacerbated due to the nature of dating apps requiring access to users’ personal contents such as chat messages, photos, video clips and locations. In this paper, we present an analysis of security and privacy issues in popular dating apps on Android. We carefully analyze the possibility of software vulnerabilities on the five most popular dating apps on Android through network traffic analyses and reverse engineering techniques for each dating app. Our experiment results demonstrate that user credential data can be stolen from all five applications; three apps may lead to the disclosure of user profiles, and one app may lead to the disclosure of chat messages.