As a result, an attacker can end up with the email addresses not only of those users whose profiles they viewed but also for other users – the app receives a list of users from the server with data that includes email addresses.
This problem is found in both the Android and i OS versions of the app. Some of the apps in our study allow you to attach an Instagram account to your profile.
Most of the applications use SSL when communicating with a server, but some things remain unencrypted.
For example, Tinder, Paktor and Bumble for Android and the i OS version of Badoo upload photos via HTTP, i.e., in unencrypted format.
We’re talking here about intercepting and stealing personal information and the de-anonymization of a dating service that could cause victims no end of troubles – from messages being sent out in their names to blackmail.