CyberWorld: Location-sharing features on dating apps raise security concerns

Pesky individuals and hackers can cause stress to app users, highlight possible vulnerability

Alex will not go away.

She warns Dan as they stand in her Manhattan apartment in a scene from “Fatal Attraction,” the cult thriller about a married man’s weekend indiscretions with an unmarried woman and the nightmare that follows.

Alex (Glenn Close) threatens Dan (Michael Douglas) with telling his wife of the weekend affair unless he reunites with her for a much longer-term relationship.

“I just want to be a part of your life,” Alex says. “What am I supposed to do? You won’t answer my calls. You changed your number. I’m not going to be ignored, Dan.”

- - - advertisement - - -

Safety First

Ars Technica
bit.ly/14OevNp


Charlotte-Mecklenburg Police Department (Personal Safety Information)
bit.ly/1MO9140

Alex tracks down Dan at home and work, locates his car in a parking garage, memorizes his phone number, identifies and coerces his school-aged daughter into a trip to the amusement park. She even gains access to the rabbit hutch out back of Dan’s house to lay the ground for one of the most memorable moments in screen history.

It was 1987, well before the Internet and decades before online apps with location-sharing features that allow users to track others all over town — whether they know it or not.

Millions of Americans use these apps without incident every day to meet others for drinks, movies, dinner dates, even casual sex.

What happens, though, when the hot guy you spot on Grindr — whom you determine through the app’s location-sharing feature is only 100 feet away — agrees to accompany you home for a one-night roll in the hay, but just won’t go away afterward?

Related: Online dating safety tips

Ars Technica posted an article in January 2015 on the results of one security firm’s research into the location-sharing feature that dating app Grindr markets as a “core offering” of its app.

For starters, Colby Moore of research firm Synack makes clear in the article that Grindr is not the only dating app where the location-sharing feature raises concerns.

“I’ve looked at five or so dating apps and all are vulnerable to similar vulnerabilities,” he said.

Last year, Moore and fellow researchers set up a free account on Grindr.

By “hacking” the location-sharing feature through multiple bogus location requests to servers behind the app, Moore and his associates were able to follow select Grindr users around electronically throughout the day.

“The exploit allowed Moore to compile a detailed dossier on volunteer users by tracking where they went to work in the morning, the gyms where they exercised, where they slept at night and other places they frequented,” the Ars Technica article reads. “Using this data and cross referencing it with public records and data contained in Grindr profiles and other social networking sites, it would be possible to uncover the identities of these people.”

Synack reported the results to Grindr.

The information, coupled with reports that Egyptian police were using Grindr and its location-sharing feature to track down and prosecute gay men, prompted Grindr to disable the location-sharing feature in countries where being gay is illegal.

- - - advertisement - - -

“Even after researchers from security firm Synack independently confirmed the privacy threat [associated with the location-sharing feature], Grindr officials have allowed it to remain for users in all but a handful of countries where being gay is illegal,” the article reads. “As a result, geographic locations of Grindr users in the U.S. and most other places can be tracked down to the very park bench where they happen to be having lunch or bar where they’re drinking and monitored almost continuously.”

Grindr, which reportedly serves more than 5 million users monthly, addressed the safety concerns in a post to its website in August 2014.

“There have been recent reports that Grindr has an alleged security flaw and we wanted to clarify the matter with you all,” the post reads. “There is nothing that matters more to us than our users and protecting the Grindr community is a core priority.”

Grindr then restates its mission — to help guys meet other guys — in justifying geolocation technology as the best way for users to meet up “simply and efficiently.”

“We do not view this as a security flaw,” the post reads.

Grindr then recommends steps that users can take.

“For Grindr users concerned about showing their proximity, we make it very easy for them to remove this option and we encourage them to disable ‘show distance’ in their privacy settings,” the post reads. “If a user wishes to turn off his distance setting, all he needs to do is toggle the show distance option in settings. The app will still work, however other uses won’t be able to see exactly how far they are.”

While Moore argued that Grindr could be doing more to protect its users, law enforcement officials in recent years have been including Internet safety tips in their public safety campaigns and on their websites.

Although the Charlotte-Mecklenburg Police Department does not list safety and prevention tips on its website specific to use of dating apps such a Grindr, Scruff and Growlr, the department warns on its “Personal Safety Information” page that potential criminals will try and determine vulnerability, accessibility and availability in any given situation and in any way they can.

 

- - - advertisement - - -