More than 60 per cent of “leading” dating apps could be vulnerable to a variety of cyber-attacks which put personal user information and corporate data at risk, according to a study by IBM Security.
Many such apps have access to features like camera, microphone, storage, GPS location and mobile wallet billing information, which in combination with other vulnerabilities may make them “exploitable by hackers”.
IBM noted that in nearly half of the organisations analysed, connected devices used to access business information are also used to access at least one of these popular dating apps.
“Consumers need to be careful not to reveal too much personal information on these sites as they look to build a relationship. Our research demonstrates that some users may be engaged in a dangerous tradeoff – with increased sharing resulting in decreased personal security and privacy,” said Caleb Barlow, VP at IBM Security.
According to the research, 26 of the 41 dating apps analysed for the Android platform had either medium or high severity vulnerabilities. The analysis used apps available on the Google Play store in October 2014.
Potential threats include the use of dating apps to deliver malware – “users let their guard down when they anticipate receiving interest from a potential date” – and the use of GPS information to track movements.
Almost half of the surveyed apps also have access to a user’s billing information saved on a device, while identified vulnerabilities could also be used to gain access to a phone’s camera or microphone – even when a user is not logged in.
IBM advised consumers not to divulge too much personal information until they are comfortable with the person they are engaging with via the app; to check permissions required when installing and updating apps; to use unique passwords for different accounts; to apply patches whenever they become available; and to only use trusted WiFi connections.
And enterprises were advised to use enterprise mobility tools to enable employees to use their own devices while maintaining security; to define where users can download apps from; to educate users on the risks of downloads and app-specific device permissions; and to immediately communicate potential threats.