As our researchers found out, one of the most insecure apps in this respect is Mamba.
The analytics module used in the Android version does not encrypt data about the device (model, serial number, etc.), and the iOS version connects to the server over HTTP and transfers all data unencrypted (and thus unprotected), messages included.
It turned out that most apps (five out of nine) are vulnerable to MITM attacks because they do not verify the authenticity of certificates.
And almost all of the apps authorize through Facebook, so the lack of certificate verification can lead to the theft of the temporary authorization key in the form of a token.
The credentials were encrypted, but the decryption key was easily extractable from the app itself.
Searching for one’s destiny online — be it a lifelong relationship or a one-night stand — has been pretty common for quite some time. To find the ideal partner, users of such apps are ready to reveal their name, occupation, place of work, where they like to hang out, and lots more besides.
Dating apps are often privy to things of a rather intimate nature, including the occasional nude photo. Kaspersky Lab decided to put them through their security paces.
This concerns only Android-based devices; malware able to gain root access in iOS is a rarity.
The result of the analysis is less than encouraging: Eight of the nine applications for Android are ready to provide too much information to cybercriminals with superuser access rights.