Love bite: For Valentine’s Day, beware of Android dating apps

Love is in the air — literally as well as figuratively.

With Valentine’s Day a few days away, dating apps are on the minds of more than a few employees. So now’s the time to remind them about safe mobile app practices. That includes having technology that ensures staff have separate personal and corporate containers for mobile apps, and allowing them to only download corporate apps from a company-run app store, or one approved by the enterprise.

In a survey last fall IBM found over 60 percent of leading Android dating mobile apps studied were potentially vulnerable to a variety of cyber-attacks that put personal user information and corporate data at risk.

Twenty-six of the 41 dating apps analyzed in the Google Play app store had either medium or high severity vulnerabilities, IBM said in a news release this week.

Some of the vulnerable apps could be reprogrammed by hackers to send an alert that asks users to click for an update or to retrieve a message that, in reality, is just a ploy to download malware onto their device.

IBM [NYSE: IBM] found also 73 per cent of the 41 popular dating apps analyzed had access to current and past GPS location information. Hackers can capture a user’s current and past GPS location information to find out where a user lives, works, or spends most of their time.

Almost half of the apps analyzed had access to a user’s billing information saved on their device. Through poor coding, an attacker could gain access to billing information saved on the device’s mobile wallet through a vulnerability in the dating app and steal the information to make unauthorized purchases.

All the vulnerabilities identified can allow a hacker to gain access to a phone’s camera or microphone even if the user is not logged into the app, opening the possibility of someone eavesdropping or tapping into confidential business meetings.

Some of the specific vulnerabilities identified on the at-risk dating apps include cross site scripting via man in the middle, debug flag enabled, weak random number generator and phishing via man in the middle. When these vulnerabilities are exploited an attacker can potentially use the mobile device to conduct attacks, IBM said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now