A recent report by TechCrunch revealed that a team of researchers from KU Leuven in Belgium found privacy vulnerabilities in popular dating apps that could potentially expose users’ locations. The study identified six dating apps – Hinge, Happn, Bumble, Grindr, Badoo, and Hily – that exhibited a form of “trilateration,” allowing malicious users to pinpoint the near-exact location of other users.
Trilateration is a three-point measurement technique used in GPS to determine the relative distance to a target. The six apps fell into different categories of trilateration, including exact distance trilateration, round distance trilateration, and oracle trilateration. Grindr was found to be susceptible to exact distance trilateration, while Happn fell under round distance trilateration. Hinge and Hily fell under oracle trilateration despite hiding user distances.
One of the researchers, Karel Dhondt, mentioned that a malicious user could locate another user up to 2 meters away using oracle trilateration. This method involves estimating the victim’s location based on their profile and moving incrementally to triangulate the data to one spot.
Some apps took immediate action to tighten their security measures. Bumble resolved issues with its distance filter, while Hily conducted an investigation to address potential trilateration vulnerabilities. Happn’s CEO stated that they discussed trilateration with researchers and are working on additional protection measures.
Grindr allows users to disable their distance display, giving users control over their location information. However, Badoo and Hinge did not provide comments on the report. In response to security concerns, Tinder implemented an advanced ID verification system requiring users in certain countries to upload official identification and a video selfie to combat spam bots and fake accounts.
Overall, the findings highlight the importance of ensuring user privacy and security on dating apps. It is crucial for app developers to address vulnerabilities promptly and implement robust security measures to protect user data and prevent potential location tracking by malicious users.
