However, not every developer promised to patch all of the flaws.Our researchers discovered that four of the nine apps they investigated allow potential criminals to figure out who’s hiding behind a nickname based on data provided by users themselves.This concerns only Android-based devices; malware able to gain root access in i OS is a rarity.The result of the analysis is less than encouraging: Eight of the nine applications for Android are ready to provide too much information to cybercriminals with superuser access rights.Russian dating sites are very popular and while many men have met genuine, loving Russian women, unfortunately sometimes one encounters scammers as well.
And almost all of the apps authorize through Facebook, so the lack of certificate verification can lead to the theft of the temporary authorization key in the form of a token.As our researchers found out, one of the most insecure apps in this respect is Mamba.The analytics module used in the Android version does not encrypt data about the device (model, serial number, etc.), and the i OS version connects to the server over HTTP and transfers all data unencrypted (and thus unprotected), messages included.As such, the researchers were able to get authorization tokens for social media from almost all of the apps in question.The credentials were encrypted, but the decryption key was easily extractable from the app itself.Searching for one’s destiny online — be it a lifelong relationship or a one-night stand — has been pretty common for quite some time. To find the ideal partner, users of such apps are ready to reveal their name, occupation, place of work, where they like to hang out, and lots more besides.Dating apps are often privy to things of a rather intimate nature, including the occasional nude photo. Kaspersky Lab decided to put them through their security paces.For example, Tinder, Happn, and Bumble let anyone see a user’s specified place of work or study.Using this information, it’s possible to find their social media accounts and discover their real names.That’s actually the app’s main feature, as unbelievable as we find it.Most apps transfer data to the server over an SSL-encrypted channel, but there are exceptions.