Dating Apps Posing Privacy Risks, Mozilla Foundation

Mozilla Foundation, a not-for-profit organization, published a report assessing the data privacy practices of 25 well-known dating apps and discovered most of them suspicious. This evaluation is identical to one conducted in 2021, which disclosed that dating apps have worsened. Given that dating applications require an immense quantity of user personal data, the foundation reported, 

“Companies usually exploit this situation and use your personal data for purposes unrelated to love. They often say they may share, sell, or fail to do the bare minimum to protect the data.”

22 of the 25 apps assessed got the ‘Privacy Not Included’ label since they failed to meet the foundation’s minimum-security standards.

What data do the dating apps collect?

The report described the quantity of information the apps collect. This ranges from insignificant questions like your parent’s marital status to sensitive data, including photographs, HIV status, race, sexuality, or even biometrics, which is compulsory. 

Privacy policies may also be deceptive, like when Tinder requests your authorization to share your data location, but the service fails to function without it. 64% of apps also hint at establishing implications in their privacy policies, which basically employ your information to speculate on more details regarding a user. 

Is your data secure? 

To make matters worse, most applications include privacy policies that permit them to share your data with others or fail to take adequate precautions to protect your personal information. 

“Many dating apps (80%) may sell or share your personal information for advertising. And sometimes it’s unclear whether your personal data is being sold or not.”

The Report

Moreover, the report pinpoints the continuous risks of data breaches;

“We also couldn’t validate if half (52%) of the apps do the bare minimum to keep all your personal data secure by meeting our Minimum-Security Standards. So, it’s also not astounding that a similar number of applications ‘ding’ for a data leak, breach, or hack over the past three years.”

AI integration spells risk

Mozilla also cautions that dating apps’ eagerness to integrate AI may aggravate current problems. Despite the goal of utilizing AI for everything from assisting users in choosing their profile images to AI chatbot boyfriends, the foundation conveys its concerns;

“Since generative AI is a privacy minefield that we’re not assured already bad-at-privacy dating apps can control.”

Some concerning facts

• Lack of privacy policy: Although the dating app Lovoo is available in English-native countries such as the UK, Canada, and the US, it lacks an English version of its privacy policy. This lack of transparency in handling data raises concerns.  
• Integration of ownership: Spark Network and Match Group own most dating apps. This ownership aggregation may result in substantial personal information sharing across various apps within their relevant portfolios, undermining user privacy. 
• Legal issues: eHarmony and Match Group have been sued due to allegations of their harmful marketing strategies. These strategies focus on profits over customer needs, mainly trapping them into subscription plans. Such accusations raise doubts about the integrity of their operations and commitment to user satisfaction. 
• Possible prejudice in AI matching techniques: Some dating apps, like OkCupid, Facebook Dating, and Tinder, integrate AI into their matching algorithms. Sadly, there is no transparency about how these algorithms function. This raises concerns about the possibility of propagating real-world discrimination and biases based on factors like body type and race. 
• Increased romance scams: This is a common method scammers use to develop fake dating profiles to exploit unwary users for financial gain. Cases of such scams have been discovered on several services. These include Lovoo, Facebook Dating, Zoosk, Tantan, and Tinder, emphasizing the requirement for enhanced security standards.  
• Online anonymity: Various dating apps, like Her and Muzz, enable users to utilize aliases or nicknames, endorsing a certain level of privacy and anonymity for users. However, you can also add anonymity using a reliable Virtual Private Network.

How do popular dating apps perform? 

Hinge 

This dating app promotes itself as a platform that users can leave after they discover a meaningful relationship. However, Match Group’s acquisition of this platform in 2019 and the company’s track record of security and privacy issues raise concerns. These include vulnerabilities that may reveal user locations, lawsuits linked to photo verification tools, and possible data-sharing agreements with AI firms.  

Hinge gathers a significant amount of personal data, such as photos, biometric information (via Selfie verification), interests, sexual orientation, gender, and contacts. The data is shared with other Match Group companies and used for ad targeting. 

Moreover, the platform can create inferences about users’ characteristics and preferences based on gathered information. Hinge claims not to sell user data. However, it can share the information with authorities and third parties for advertising purposes. 

Researchers have expressed concern about the possibility of re-identifying anonymized information. Also, the privacy policy does not specify if all users may appeal the erasure of their personal data after utilizing the application. 

Tinder 

Tinder, one of the most popular dating apps and also owned by Match Group, struggles with security and privacy issues. In 2020, a suspicious site leaked over 70,000 women’s photographs from this app. 

It was also accused of violating GDPR rules by excessively exchanging data with third parties and advertisers. Tinder collects enormous amounts of data, such as biometric data, contact details, gender, photos, interests, and sexual orientation. The information is shared with other Match Group firms or used for ad targeting. 

Tinder has encountered lawsuits alleging it did not get relevant consent to process biometric data and authenticate fake accounts. Also, Match Group’s history raises concerns about possible data-sharing deals of user images for AI training. 

Despite Tinder’s claim that it does not sell personal data, it may share data with authorities and third parties for advertisements. Moreover, connecting Tinder with other social media sites, such as Instagram and Facebook, enables data sharing across various platforms. 

Bumble 

This dating app has encountered various security and privacy issues. In 2020, investigators discovered a security vulnerability that exposed personal data. The data include locations, weight, and political leanings of over 100 million Bumble users. Another bug in 2021 may have disclosed users’ actual locations. 

Bumble gathers sensitive personal information such as locations, birthdays, sexual preferences, email addresses, and biometric data via photo validation tools. 

Sharing any data implies consent from Bumble to process it. Other users can access direct messages, images, and user profiles. Bumble reviews message content to identify trends and for moderation purposes but claims to delete identifying information initially. 

Unless you opt-out, logging in via Facebook gives Bumble access to personal information. It can be photos and birthdates from the platform. Based on the data collected, it may make inferences about a user’s character and preferences. 

Moreover, it offers an opt-out option for data sharing with marketing associates. It signifyes that the platform may share the data of certain users or sell for advertising reasons. The application retains the right to employ videos and photos for research purposes.