Vulnerability Management

Mobile dating apps lack encryption, leave daters vulnerable

Online daters might have to worry about more than just their hearts being stolen this Valentine's Day, after HP research showed that more than 90 percent of popular dating mobile apps it scanned sent out sensitive information, including purchasing information, unencrypted from phones.

According to Pew Research, one in ten Americans have used an online dating site like eHarmony, OKCupid, Zoosk, Grindr and eVow and 59 percent of Internet users agree “online dating is a good way to meet people.” But the HP research shows that they're flirting with having identifying information compromised.

When HP used Fortify-on-Demand to scan 12 popular dating sites, it found that all of them registered at least two privacy alerts, out of 11 scans. In addition, more than 70 percent asked for access to a user's geo-location which can be leaked if an app sends it out unencrypted to a third party that has not been authorized by the user. 

To improve security, dating sites must "simultaneously educate developers on how to create secure code easily [and] to integrate security checks into the development lifecycle," a spokesperson for HP told SCMagazine.com in a Valentine's Day email.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.