DonaldDaters.com, a dating website for Donald Trump supporters, might want to consider changing its tagline from “Make Dating Great Again” to “Make My Data Safe Again” after a security researcher found the app exposed user information.
Lonely-heart Trump supporters may believe that some on the Left have thwarted their quest for romance by choosing “party over love,” but it was an open database leaking personal details that derailed the site shortly after it opened its doors, according to findings by a French security researcher who goes by the handle Elliot Alderson.
While checking out the dating site, the researcher found the app, which used Firebase, was “asking a lot of dangerous permissions.” A closer look at the values/strings.xml file showed that the “ids and keys of everything are hardcoded in this file… It’s showing how serious they are regarding the security,” he wrote in a blog post.
But the company apparently “kept the development settings for their database,” making it “accessible by everyone” and allowing him “to view all the user info (name, avatar, id, platform, notification), use their token, see all the private messages,” the researcher said.
The lukewarm reception to the dating site might have limited the amount of personal information exposed, though.
“The app is out only for a few hours so there is [sic] only 1607 users and 128 matches,” he said. “Funny thing, the longest discussion, 62 messages, is between the devs of the app.”
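A database left on “development settings” and “accessible by everyone” is what a ruleset granting unconditional read and write produces. The Python sketch below is an added example, not code from the researcher's post or from the app: it audits a rules file for such grants before release, assuming the Firebase Realtime Database rules JSON format; both rulesets and all path names are constructed for illustration.

```python
import json

# Constructed rulesets (not taken from the app); path names are hypothetical.
DEV_RULES = json.loads('{"rules": {".read": true, ".write": true}}')

OWNER_ONLY = "auth != null && auth.uid === $uid"
HARDENED_RULES = {"rules": {
    "users": {"$uid": {".read": OWNER_ONLY, ".write": OWNER_ONLY}},
    "messages": {"$uid": {".read": OWNER_ONLY, ".write": OWNER_ONLY}},
}}


def is_unconditional(rule):
    """True when a rule grants access with no condition at all."""
    if isinstance(rule, bool):
        return rule
    return isinstance(rule, str) and rule.strip() == "true"


def find_public_paths(ruleset):
    """Return sorted (path, operation) pairs that anyone can read or write."""
    findings = []

    def walk(node, path, inherited):
        granted = set(inherited)
        for op in (".read", ".write"):
            # A grant at a parent cascades to every child and cannot be
            # revoked deeper down, so only the shallowest path is reported.
            if op not in granted and is_unconditional(node.get(op, False)):
                findings.append((path or "/", op[1:]))
                granted.add(op)
        for key, child in node.items():
            if not key.startswith(".") and isinstance(child, dict):
                walk(child, f"{path}/{key}", granted)

    walk(ruleset.get("rules", {}), "", set())
    return sorted(findings)


if __name__ == "__main__":
    for name, rules in (("dev", DEV_RULES), ("hardened", HARDENED_RULES)):
        print(name, find_public_paths(rules))
```

Run as a pre-release check, a non-empty result for the production ruleset should fail the build.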
“Leaving the application unprotected is leaving the data in transit unprotected. But as we are seeing more and more today — from Air Canada and British Airways, to Ticketmaster and the Tory party event app breach, and even the silly little Donald Daters app — apps are not developed securely, and organizations are not taking responsibility for the security of these apps and the data that they hold,” said Aaron Lint, chief scientist at Arxan. “While ‘Donald’s Daters’ is a relatively simple app with a small user base, this is yet another example of the greater security issue we are facing — and there needs to be greater accountability for app security across the board.”