TechCrunch A team of researchers from Belgium’s KU Leuven University has identified six popular dating apps that malicious users can use to pinpoint other users’ nearby locations. Dating apps including Hinge, Happn, Bumble, Grindr, Badoo, and Hily have all featured some form of “triggering” that could expose users’ approximate locations, prompting some apps to take action and beef up their security. published article.
The term “trilateration” refers to the three-point measurement used in GPS to determine the relative distance to a target. The six named programs fall into one of three trilateration categories, including “precise distance trilateration,” where the target is accurate to “at least a 111m x 111m square (at the equator),” “round distance trilateration,” or “oracle trilateration.” Distance filters are used to approximate a circular area like a Venn diagram.
Grindr is “sensitive to exact distance trilateration”, while Happn falls under “round distance trilateration”. According to the paper, while Hinge and Hily users hide their distances, the other four are under “oracle trilateration.”
This was reported by Karel Dhondt, one of the researchers who participated in the study TechCrunch that a malicious user can find another user within “2 meters” using oracle trilateration. This method involves the malicious user estimating the victim’s location based on their profile and moving in increments until the victim is nearby at three different locations and converting the data to a single point.
Gabrielle Ferree, Bumble’s vice president of global communications, told the website that they “quickly addressed the issues described” with the distance filter last year. Dmytro Kononov, co-founder and chief technology officer of Hily, said in a statement that the investigation revealed a “potential opportunity for triangulation” but that it was “unlikely to be used for attacks.”
Happn CEO and President Karima Ben Adelmalek said about it TechCrunch they discussed trilateration with Belgian researchers. He says the extra layer of protection meant to prevent trilateration “was not factored into their analysis.”
Kelly Peterson Miranda, Grindr’s chief privacy officer, noted that users can turn off distance indicators from their profiles. He also noted that “Grindr users are in control of what location data they submit.” Badoo and Hinge did not respond for comment.
Other dating apps have taken extra steps to ensure their users are talking to real people, not spambots or fake accounts. Tinder in February, it began requiring users in the US, UK, Brazil and Mexico to upload a copy of an official driver’s license or passport along with a video selfie as part of a new enhanced ID verification system.
