Most Android dating apps have severe security flaws, risking corporate secrets

The majority of dating apps have serious security vulnerabilities that put user data at risk. And because people are online dating at work, those risks are passed on to their employer.
Written by Zack Whittaker, Contributor
IBM warns that Android-based dating apps are full of security holes

Using a dating app on your work's dime could end up putting your company's data at risk, new research has found.

A study conducted by IBM warned that 60 percent of the most popular mobile dating apps on the Android platform have flaws that could put users at risk from data theft and cyberattacks.

Making matters worse, half of all the companies examined in the study have at least one employee using dating apps -- effectively punching a gaping hole in a company's security fence.

The problem lies with the apps, but also highlights issues with Android. These dating apps often ask for access to an Android device's microphone, camera, storage, geolocation, and mobile wallet data. When vulnerabilities in these apps are exploited, that can allow hackers into the mobile device -- and crucially, its data.

How big of a problem is it? Potentially bigger than you might expect.

IBM said it found that 26 of the 41 dating apps for Android had either medium- or high-severity flaws. (These apps were checked in October, but it's not known if the flaws have been fixed. IBM said it had informed each app maker of the vulnerabilities.) The flaws identified included exposure to man-in-the-middle attacks and cross-site scripting (XSS) flaws.

Those flaws can allow hackers to spread malware on internal company networks, grab data, track a user's location, and potentially access credit card data.

The lesson is relatively straightforward. Of course, it goes without saying -- you probably shouldn't be on Tinder, OkCupid, or Match.com while you're at work. And while most apps have privacy precautions built in, it's not always enough to protect against the weakest link in the chain: the person using the app itself.
