Opinion

How to secure your dating data this Valentine's Day

The use of dating apps has significantly increased during the Covid-19 pandemic, but what about security and privacy?

Erez Yalon 13:3614.02.21
Valentine's Day will be very different this year: no romantic dinners in restaurants, no parties, and no flights to romantic cities around the world.

 

With the Covid-19 pandemic bringing fewer opportunities to celebrate or meet in person, dating apps are experiencing a boom as users look to make and foster romantic connections from afar. The use of dating apps (such as Tinder, Hinge, Badoo, OkCupid, Bumble, and many others) has significantly increased in the past year. Most apps saw between 15-50% growth in registrations in 2020. And while staying home is safer, how can users stay digitally secure while dating from home?

 

As dating apps are flourishing during the pandemic, they are also becoming more virtual, encouraging the users to stay within the app for their dating calls instead of migrating them to Zoom or Skype. They are also providing users with more virtual experiences that were not needed in the past, such as in-app video features and speed dating games. Alongside these improvements, this also means, more sensitive information is in one place, and sometimes, more doors for malicious hackers to try and unlock (what security people describe as attack surfaces). Not long ago, the Checkmarx Security Research Team found severe vulnerabilities in Tinder, that could allow an attacker using the same network as the user to monitor the user’s every move on the app. It was also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising, or other types of malicious content.
Erez Yalon, Head of Security Research at Checkmarx. Photo: Guy Yechieli Erez Yalon, Head of Security Research at Checkmarx. Photo: Guy Yechieli

 

While no credential theft and no immediate financial impact were involved in this process, this revelation reached the U.S. Senate, showing us that we consider our dating life as something that should stay very private. Knowing that an attacker targeting a vulnerable user could have blackmailed the victim, threatened to expose highly personal information from the user’s Tinder profile and actions in the app, made many people feel exposed and uncomfortable.

 

While these specific issues have long been patched, this research, and several other findings in numerous dating applications since then, continue to raise important questions, which are relevant today, in our highly digital life more than ever: how accustomed have we grown to lack of privacy and what are app and software manufacturers doing to protect it? It seems that with all the large-scale attacks on our privacy, people are aware – or at least they should be – that every app they open is potentially a privacy risk.

 

So with this, it’s logical to ask who is responsible for preserving user security when it comes to using these applications. It’s not likely that consumers are going to abandon these altogether, but there are certain steps they can take, as well as the application manufacturers themselves, to make them more secure.

 

For end users:

• If you’re going to use online dating services, stay with the well-known and reputable apps and sites, as they will often have a more robust track record of maintaining software security.

• Share as little information as possible. While it’s easy for users to be tempted to provide an abundance of personal details to build out their profiles as much as possible, from a security standpoint, less is more.

• At the end of the day, always ask, “do I trust this entity with my personal information?” If the answer is not a clear “yes”, opt for another route.

 

For software manufacturers & developers:

• Security and privacy are a top concern of your users. Make it a top priority and the main pillar of your software design.

• Security is hard. Regardless of the size of your development and security teams, using security testing that can scan code both before and after an application’s launch will make it easier to ensure vulnerabilities are being detected on an ongoing basis.

• It takes a village. Open a bug bounty or a bug disclosure program and let researchers know you welcome their assistance in making the world a better place.

 

The questions that application and software end users are increasingly asking are extremely important in today’s digital age and should be addressed. Placing this increased “pressure” on manufacturers will encourage them to be more proactive in ensuring their apps are released and maintained in a secure manner.

 

So on a day like Valentine’s Day when love is in the air, while it may not be the most ‘romantic’ reminder, always remember to preserve your dating data.

 

The author is the Head of Security Research at Checkmarx