Majority of dating apps on Android compromise the security of their users. And because plenty of people use dating apps on the smartphone they use for work, the apps expose them and their employers to the risk of cyberattacks that could put personal information and trade secrets in danger.
A new report released by IBM shows 26 out of the top 41 dating apps available for Android exhibited "medium or high severity vulnerabilities" that allow hackers to gain access to the user's personal data through various means. The report also shows that in 50 percent of all companies included in the survey, more than one employee used dating apps on their smartphones.
The study does not include apps for iOS, which doesn't come as a surprise since IBM and Apple have formed a partnership to provide business-centric apps to enterprise consumers.
In a blog post, IBM market segment manager for application security Neil Jones says the vulnerable apps pose a number of ways that hackers can potentially exploit the security holes, including using the dating app to download and install malware, accessing the phone's GPS information to track the user's location, gaining remote access to the phone's microphone or camera to eavesdrop on private conversations, and hijacking the user's dating profile to change their data or leak private information that could damage one's reputation.
Using IBM's own AppScan Mobile Analyzer, IBM found out that more than 60 percent of the dating apps included in the study were vulnerable specifically to three kinds of attacks.
First, hackers can launch cross-site scripting attacks via man in the middle to intercept cookies and other information through unsecure Wi-Fi connections to tap into other features on the device. They can also launch Debug Flag-enabled exploits to retrieve information from a debug-enabled app and install malware. Hackers can also use the dating apps to direct users to fake login screens where they can enter their credentials. Using these information, hackers can take control of users' accounts and potentially send malicious code to infiltrate other daters' devices.
IBM says the vulnerabilities are troubling for businesses, particularly in bring-your-own-device (BYOD) settings where employees use for business the same smartphone they use for personal situations. The problem, IBM says, is that users let their guard down when anticipating messages from potential dates, just as they do when meeting new people for the first time in the physical world.
"Consumers need to be careful not to reveal too much personal information on these sites as they look to build a relationship," says Caleb Barlow, vice president of IBM Security. "Our research demonstrates that some users may be engaged in a dangerous trade-off - with increased sharing resulting in decreased personal security and privacy."
IBM also recommends that corporations also protect organizational security by using enterprise mobility management services, of which IBM is a provider.
