Official dating id
Almost all online dating app servers use the HTTPS protocol, which means that, by checking certificate authenticity, one can shield against MITM attacks, in which the victim’s traffic passes through a rogue server on its way to the bona fide one.
The researchers installed a fake certificate to find out if the apps would check its authenticity; if they didn’t, they were in effect facilitating spying on other people’s traffic.
Tinder, Bumble, Ok Cupid, Badoo, Happn, and Paktor all store messaging history and photos of users together with their tokens.
Thus, the holder of superuser access privileges can easily access confidential information.
And if someone intercepts traffic from a personal device with Paktor installed, they might be surprised to learn that they can see the e-mail addresses of other app users.
Turns out it is possible to identify Happn and Paktor users in other social media 100% of the time, with a 60% success rate for Tinder and 50% for Bumble.
The study showed that many dating apps do not handle users’ sensitive data with sufficient care.
That’s no reason not to use such services — you simply need to understand the issues and, where possible, minimize the risks.
The analytics module used in the Android version does not encrypt data about the device (model, serial number, etc.), and the i OS version connects to the server over HTTP and transfers all data unencrypted (and thus unprotected), messages included.This concerns only Android-based devices; malware able to gain root access in i OS is a rarity.