What do dating apps know about us?
Online dating apps are very popular. It is easy to install them on any device and to access them at any time from any place. They are fun and sexy and give lots of hope to those who are searching for their perfect match. But what really happens when someone installs an online dating app on their smartphone?
We did a study of user permissions to online dating apps allowing access to their personal data such as identity, photos, contacts or network access on their smartphones.
The results show that when installing one of the examined dating apps, users give access permission for a lot of personal data on their smartphones, like precise location, other accounts on their device, network connections, modification or deletion of the contents on their USB storage and much more.
The goal of Datingroo’s research is to raise awareness and provide a better understanding of what data and information online dating apps can access on a user’s device.
Let’s take a closer look.
Summary of research
Our study is based on the data collected from the 10 most popular online dating apps for Android systems. We investigated what concrete informations and smartphone data those apps have access to once they are installed.
The analysis focuses on apps available in the Google Play app store in July 2019 and examined 45 personal data access points in 13 categories.
The main conclusion of the Datingroo research
Although the primary goal of an online dating app is to connect users and not to protect them from cybercrime, the actual fact is that hackers are able to access informations easily by looking into the device directly through the app. When installing an online dating app, users are instantly giving permission for access to a lot of personal data, and many app users are not even aware of those permissions or how they could be misused.
Which apps we tested
We examined the 10 most popular online dating apps:
An estimated 50 million people in 196 countries are using Tinder. The app was released in 2012 and is available in 30 languages.
Launched in 2006, with 422 million users in 190 countries and 47 languages, Badoo is the largest app for meeting new people in the world.
With 13 million users worldwide, Elite Singles launched in 2009. Members are mostly highly educated.
Launched in 1995, Match was one of the first online dating services in the world. Today it has 8.6 million users worldwide.
Founded in 2007, Zoosk boasts 40 million users worldwide.
One of the most popular online dating websites, eHarmony has 10 million users worldwide.
With 70 million registered users worldwide, Lovoo is one of the fastest growing dating apps since it was officially launched in 2011.
Plenty of Fish
Originally established in 2003, POF has 100 million registered users worldwide.
OkCupid was launched in 2001 and today claims to have 50 million users worldwide.
Coffee meets Bagel
Since it was founded in 2012, over 7 million users have installed the Coffee meets Bagel app.
What we researched
The access permissions to 45 personal data access points divided in 13 categories:
- Find accounts on the device
- Read your own contact card
- Add or remove accounts
- Read phone status and identity
- Directly call phone numbers
- Take photos and videos
DEVICE ID & CALL INFORMATION
- Read phone status and identity
- Approximate location (network-based)
- Precise location (GPS and network-based)
- Read Home settings and shortcuts
- Receive data from Internet
- Run at startup
- Full network access
- Change your audio settings
- Use accounts on the device
- Control vibration
- Access Bluetooth settings
- Change network connectivity
- View network connections
- Pair with Bluetooth devices
- Google Play license check
- Reorder running apps
- Install shortcuts
- Prevent device from sleeping
- Read Google service configuration
- Full license to interact across users
- Draw over other apps
- Interact across users
- Create accounts and set passwords
- Disable your screen lock
Wi-Fi CONNECTION INFORMATION
- View Wi-Fi connections
- Allow Wi-Fi Multicast reception
- Connect and disconnect from Wi-Fi
- Read the contents of your USB storage
- Modify/delete the contents of your USB storage
- Find accounts on the device
- Read your contacts
- Modify your contacts
- Send text messages (SMS)
- Receive text messages (SMS)
- Read your text messages (SMS or MMS)
- Record audio
DEVICE & APP HISTORY
- Retrieve running apps
Among all tested online dating apps, Badoo and Plenty of Fish have access to most of the data in users devices (92%). Having in mind that those two are the most popular online dating platforms with more than 522 Million users worldwide together, this data access provides them an enormous amount of personal informations.
Coffee meets Bagel has the least data access, as well as the fewest users among all tested dating platforms (7 Million users).
OkCupid, with 50 Million users worldwide, is at the bottom of the list for data access on users mobile devices. Other very popular dating websites such as Tinder, Loovo, eHarmony, and Zoosk have similar levels of access to data on a user’s device.
What can go wrong?
Since our study showed that almost all tested online dating apps have access to users storage, photos, media, files, location, contacts, and full network access, our research goes deeper into the topic in order to understand the negative effects that can happen in case of data leaks from the device that the application has access to.
Through vulnerability of the online dating apps, an attacker could steal the user’s saved billing information on their device and could use them to make unauthorised purchases.
Since all researched online dating apps have access to the photos, media and files, an attacker could use some confidential business proposals and contracts or some compromising photos and videos of the user and use them for criminal purposes.
One extremely personal privacy violation when an app has access to the camera would be if an attacker takes control of the camera on the user’s device and takes unauthorised photos and videos of the user when they are not aware of it.
If an attacker has access to the contacts from a device, they could send out messages with malicious code pretending to be the user. This could potentially infect the devices of the user’s contacts .
By having access to the user’s location, an attacker could know how the user moves, where they sleep, where they work, and their daily routine. Using GPS data, an attacker could track the user and physically approach them.
An attacker could modify data and information stored on the applications. An attacker could also deny user access to the application.
What users can do to protect themselves
When a user installs an online dating app and gives all the permissions for accessing the data from their device, they expose their data and should be always aware of it. In spite of this, there are still a few ways users can protect their data and have control over it.
- Create a strong password for each online account. The best way to create a password is to choose three random words that are not related to any of your personal information, hobbies, sports teams, place of birth or family members. Always have in mind that email and online banking accounts are highly important and should have extra strong passwords.
- Don’t divulge personal information such as your birthday, work, salary, social media profiles, home address, bank account, children, calendar, etc.
- Keep important information, documents, passwords, photos, business contracts and explicit videos and photos out of your mobile device. Store them on a device not connected to the internet.
- Check your mobile apps and the access they are granted regularly. It can happen that an app gains additional permissions on your device each time it updates. If you notice something alarming, unclick it or reinstall the app.
Updates: November 2019
Due to regular updates on dating apps data access permissions, there have been some changes which should be taken into account for this Study from November 2019.
Fewer data access permissions:
- OkCupid is not allowed to modify users’ contacts anymore
- Tinder doesn’t have access permission on users’ camera anymore
- Coffee Meets Bagel is not able to receive data from the Internet through users’ smartphone
- Coffee Meets Bagel is not able to run a startup on the user’s smartphone
- Zoosk doesn’t have access to read Google service configuration anymore
More data access permissions:
- eHarmony has access to an approximate and precise location on the user’s smartphone
datingroo.nz is the platform for evaluating dating websites for different categories of users and relationships such as serious relationship, casual dating or LGBTQ dating to the senior dating and many more categories.
Our team is deeply researching the online dating market, providing true and unbiased reviews as well as social, safety, gender and lifestyle studies and investigative articles for users, media and partners.
We are offering clear information about the online dating world, so everyone individually can make the best possible choice for joining the online dating platform according to its personal needs, affinities, age, education and personality.
If you find this study useful, or have a comment, suggestion and feedback, please contact us! We are very open for matchmaking!
© Copyright Datingroo 2019
Produced in Germany