If you’re searching for love with a mobile app this Valentine’s Day, you might want to use protection – protection for your mobile device, that is.
About six in 10 dating apps on the Android platform are vulnerable to attacks, according to IBM Corp.’s analysis done with its AppScan Mobile Analyzer technology. That should be a worry to businesses too, since IBM also found that half of enterprises have employees who use these vulnerable dating apps on the same device that also contains business data. IBM analyzed the top 41 dating apps available on Android for its study.
While the IBM study doesn’t name which apps are specifically vulnerable, it does describe some of the scenarios that might arise as a result of the vulnerabilities – most of them scarier than even a first date:
- Profile take-over. Many of the apps were found by IBM to have a Debug Flag enabled, which could allow a malicious app on the device to read or write to the dating app’s memory. That would allow an attacker to intercept information such as your profile login credentials, then log in to your dating profile and use it to send out messages masquerading as you. Who knows how bad their pickup lines could be?
- GPS Stalking. Since many of the apps were exposed to “Man in the Middle” attacks, where a hacker could intercept communications from the app using a rogue access point, it’s possible someone could have their location tracked as a result.
- Picking your digital wallet. For apps that have direct access to a digital wallet to enable in-app purchases, the payment information could also be intercepted by a hacker who uses it to make purchases elsewhere, or just sells the payment credentials on the black market.
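For teams that vet apps before allowing them on devices holding business data, the debug flag mentioned above can be checked statically. The following is an added example, not part of IBM's study or tooling: it assumes each app's `AndroidManifest.xml` has already been decoded to text XML (for example with apktool), and the package names and manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

# Android attributes live in this XML namespace.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
DEBUGGABLE = "{%s}debuggable" % ANDROID_NS

# Constructed sample manifests keyed by hypothetical package names.
SAMPLE_MANIFESTS = {
    "com.example.dating.debugbuild": (
        '<manifest xmlns:android="%s" package="com.example.dating.debugbuild">'
        '<application android:label="Demo" android:debuggable="true"/>'
        "</manifest>" % ANDROID_NS),
    "com.example.dating.release": (
        '<manifest xmlns:android="%s" package="com.example.dating.release">'
        '<application android:label="Demo"/>'
        "</manifest>" % ANDROID_NS),
    "com.example.dating.resourceflag": (
        '<manifest xmlns:android="%s" package="com.example.dating.resourceflag">'
        '<application android:debuggable="@bool/is_debug"/>'
        "</manifest>" % ANDROID_NS),
    "com.example.dating.truncated": "<manifest><application",
}

def audit_manifest(xml_text):
    """Classify one decoded manifest: 'debuggable', 'ok', 'review' or 'error'."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return "error"          # unreadable manifest: do not treat as clean
    if root.tag != "manifest":
        return "error"
    app = root.find("application")
    if app is None:
        return "ok"             # no <application>, so no debug flag to set
    value = app.get(DEBUGGABLE)
    if value is None:
        return "ok"             # attribute absent: Android defaults to false
    value = value.strip().lower()
    if value == "true":
        return "debuggable"
    if value == "false":
        return "ok"
    return "review"             # resource reference: resolve it by hand

def audit_all(manifests):
    """Map each package name to its audit result."""
    return {pkg: audit_manifest(xml) for pkg, xml in manifests.items()}

if __name__ == "__main__":
    for pkg, result in sorted(audit_all(SAMPLE_MANIFESTS).items()):
        print("%-36s %s" % (pkg, result))
```
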
IBM doesn’t say you should avoid dating apps altogether this Valentine’s Day, but using them while exercising some caution is wise. IBM advises keeping a close eye on what permissions those dating apps are using on your device in the settings menu, and rechecking them every time you update the app. Keep your apps updated and use unique passwords for each one. Also, make sure you trust the WiFi connections you’re using when checking out your date options.
Businesses may want to consider a policy where dating apps and sensitive business data can’t be on the same logical device. Many mobile device management solutions now offer virtualization as a way to segment business and personal data, while allowing users to access what they wish.