Researchers from the KU Leuven University in Belgium have identified a vulnerable privacy bug in six popular dating apps that can easily expose a user’s approximate location through a technique known as trilateration. Apps such as Bumble, Hinge, Happn, Grindr, Badoo and Hily all exhibited trilateration, which is a method using GPS that determines a person’s position by measuring distances from known points or locations.
In the group’s research paper, the researchers revealed how these dating apps were able to exploit the trilateration technique, which basically uses a three-point measurement technique, typically used in GPS, to determine the relative distance to a subject.
Grindr was found to be the most vulnerable, with the researchers being able to reach “exact distance trilateration,” pinpointing a user’s location within a 111 x 111m area. Happn, on the other hand, was categorised under “rounded distance trilateration,” while Hinge, Bumble, Badoo, and Hily were specified under “oracle trilateration.” Even though Hinge and Hily somewhat had obscure distance information, the study shows that the remaining apps still use methods that could reveal user locations to some extent.
One of the researchers explains that stalkers could exploit oracle trilateration to narrow down a target’s location to within 2 metres by moving through different positions and triangulating the data. This could allow close proximity tracking of users based on their profile pictures and nearby movements.
In response to these findings, Bumble’s vice president of global communication stated that the company had resolved similar issues with its distance filter last year. Hily’s Chief Technology Officer mentioned that while the app had potential for trilateration, exploiting it for attacks was deemed impractical. Happn’s CEO noted that its system includes an additional layer of protection but it was not accounted for in the study’s analysis.
Grindr’s Chief Privacy Officer highlighted that users have the option to disable locations on their profiles and maintain control over the location information they share. Meanwhile, Hinge did not provide a comment on the situation. Tinder has also addressed this location privacy case by enhancing internal security measures, such as requiring new users to upload a driver’s license or passport, and a selfie for identity verification.
(Source: Engadget, TechCrunch)
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.