Abstract
Online dating is increasingly popular among older adults, yet their vulnerability to cyberattacks makes the sharing of personal information particularly risky. This study investigates the privacy and security of online dating applications with a focus on users aged 65 and older. To this end, we conducted a security analysis of the most downloaded dating applications, reviewing their privacy policies and data collection practices. Our findings reveal that these apps collect extensive personal data, including sensitive information such as location, sexual orientation, religious beliefs, health status, and more. Our analysis also identified 61 dangerous permissions implemented by these apps that allow access to restricted data and functionalities, with location access, camera permissions, and third-party data sharing posing significant risks for older users. Through this work, our goal is to promote enhanced privacy protections and raise security awareness to ensure a safer online dating environment for this marginalized group.
Introduction
Online dating is susceptible to cyber-attacks primarily due to its goal, which includes connecting people who are strangers (Obada-Obieh et al., 2017). This vulnerability is exacerbated by the unique nature of online dating in comparison to other social platforms; users may be inclined to disclose highly sensitive information, including but not limited to their sexual preferences and religious beliefs (Cobb & Kohno, 2017). Thus, malicious actors can exploit the vulnerable emotional state of users to lure them, sometimes leading to digital threats termed “romance scams” (Aïmeur et al., 2019). The information collected by these platforms extends beyond mere demographics and can encompass users’ names, addresses, financial details, occupational information, sexual orientation, and religious affiliations (Vandeweerd et al., 2016).
The situation is more critical for older adults and marginalized populations, who suffer significant mental health risks and traumatic experiences due to online dating deception or “catfishing” (Mosley et al., 2020). Prior studies have shown that the use of online dating to meet partners appears to increase with age (Stephure et al., 2009), and a study found 20% of older adults know someone who developed a relationship with a person they met online (Wada et al., 2015). While certain apps are specifically designed for older adults, such as SilverSingles, many older adults still opt for mainstream dating platforms (Pew Research Center, 2023; Suciu, 2021). These widely used applications often come with functionalities that are challenging for them to manage in terms of security and privacy (Pew Research Center, 2023; Suciu, 2021). To this end, we conducted a security analysis of the top 10 online dating applications identified to be used by adults of 65 years and above. Through this work, we identified the privacy and security implications of online dating by conducting a detailed security analysis of 10 online dating applications.
Related Work
Organizations such as the United Nations define older persons as 65 or over (United Nations, 2020). Extensive studies emphasize that older adults indeed express heightened privacy and security concerns related to the digital technologies they engage with (Lüders & Brandtzæg, 2017). However, a critical aspect emerges from research indicating that older adults often possess limited digital literacy and experiences, and do not have a detailed understanding of newer digital technologies and the data collection practices associated with them. This deficiency places them at an elevated risk concerning privacy and security (Frik et al., 2019; Hargittai & Dobransky, 2017; Morrison et al., 2020). Given the substantial gap in digital tool usage when compared to younger, more tech-savvy generations who also constitute a wealthier demographic, older adults become particularly attractive targets for malicious actors seeking to exploit vulnerabilities in their digital interactions (Gitlow, 2014; Morgan, 2015; Vandeweerd et al., 2016).
In the area of online dating, numerous efforts have been introduced to improve the privacy preservation of online dating, particularly as concerns about data privacy and security have grown in recent years (Cobb & Kohno, 2017). Many online dating platforms have implemented more stringent data protection policies to ensure user data is secure and private (Shetty et al., 2017). This can include measures such as data encryption in transit and at rest and stricter controls on how user data is accessed and shared. Some online dating platforms now offer users more control over their privacy settings, allowing them to choose which information to share and with whom (Cobb & Kohno, 2017). This can include options to hide certain information from other users or to limit access to specific profile details. To help prevent unauthorized access to user accounts, many online dating platforms now use more robust authentication methods, such as two-factor authentication (Phan et al., 2021; Weltevrede & Jansen, 2019). Research shows that cyber threat awareness plays a significant role in the likelihood of older adults being victims of cybercrime (Rowe, 2021). Nicholson et al. have found that older adults who are more aware of cyber threats are less likely to fall victim to cybercrime (Nicholson et al., 2021). This can be due to a number of factors, such as being more cautious about sharing personal information online, using stronger passwords, and being more likely to recognize and report suspicious activity.
Discussions around the privacy and security of online dating have emerged in several studies. Wang et al. discuss methods to improve the privacy preservation of online dating, including a zero-knowledge encryption approach (Wang & Wang, 2018). There is also work on building a trust-aware detection framework to help identify malicious actors on online dating platforms (Shen et al., 2022). Improper storage of sensitive information by online dating apps has been shown to be exploitable, giving access to private messages in apps such as FullCircle and MiuMeet (Farnden et al., 2015). Specifically, the user’s GPS information and phone number were recovered from the online dating applications Her and Hinge on Android (Hutchinson et al., 2020). Kim et al. (2018) presented a framework to analyze software vulnerabilities in five dating apps (Tinder, Amanda, Noondate, Glam, and DangYeonsi) using static analysis, and categorized the privacy issues therein into user profiles, location information, user credentials, and chat messages. They found that at least one privacy issue occurs in each of the five apps. Despite the efforts invested in mitigating cyber threats for online dating, less research has focused specifically on older adults, and thus these attacks still prevail. In our work, we conduct a detailed literature review of privacy and security concerns focusing on older adults.
Method
To perform a security and privacy analysis of online dating applications, we selected 10 popular dating apps, including one adult dating app, and analyzed the apps’ privacy policies and the data required to set up an account on them. These apps are Bumble, Grindr, Match, OkCupid, Tinder, Harmony, EliteSingles, Christian Mingle, LDS Singles, and SilverSingles. We considered these applications because of the active users they have. Furthermore, we performed a static analysis of the 10 apps to understand the permissions required to use the apps.
To conduct an analysis of the privacy policies of the selected dating apps, we registered as users on each platform, thereby creating dummy user accounts. Following the creation of fake profiles, we investigated the specifics of the information collected by these applications from users. This involved a detailed review of the privacy policies associated with each app and gathering detailed insights into the types of user data retained by these applications for marketing and advertising purposes. Notably, the chosen 10 applications under examination represent prominent dating services in the United States, a selection based on 2022 statistics.
We also performed a security analysis of the dating applications using MobSF (Mobile Security Framework). MobSF, an automated and comprehensive mobile application security assessment framework, offers capabilities for pen-testing, malware analysis, and overall security evaluation through both static and dynamic analysis techniques. Accessible online, this tool provides a user-friendly interface allowing for the upload of mobile application files, subsequently generating detailed reports encompassing app functionality, potential security vulnerabilities, and an associated security score. This numerical score, ranging from 1 to 100, serves as a measure of the application’s security robustness, with lower scores indicating higher identified risks. Subsequent to employing MobSF, we examined the generated reports, exporting and analyzing them to identify specific risks associated with the permissions requested by the dating applications under consideration.
Findings and Discussion
Our investigation into dating apps revealed a noteworthy trend where these platforms tend to collect an extensive array of data beyond the standard information required for account creation. Typically, to register on a dating app, users are obligated to provide essential details such as their full name, age (to verify you are not a minor), gender, sexual orientation, and a minimum of two photos displaying their face for verification purposes. However, our analysis highlighted that the information collection goes beyond these fundamental elements to include more intimate details about users’ lives: videos, details about political and religious interests, preferences regarding children, geographic location, HIV status, health status, occupation, earnings, blood type, living situation, and various other personal interests. This poses heightened risks for older adults, who may be less familiar with digital privacy practices.
Our analysis further showed that Match, Harmony, EliteSingles, and LDS Singles collect most of the data with six required data points and five voluntary data points. The only data they do not collect is the user’s HIV status. It is also interesting that the dating app focused on older adults, SilverSingles, required six data points and three voluntary data points. All the dating applications requested a phone number, email, birth date, and photos. However, OkCupid is the only app that does not request location information. We also found that only Grindr, an app designed for the gay community, requests users to disclose their HIV status, which is not optional for users during sign-ups. Tinder collects the user’s sexual orientation, messages, work information, exact location, phone number, any sent messages, and Spotify playlists. Furthermore, an additional security loophole compounds these risks, allowing an attacker to ascertain the presence of a particular user on these apps. This vulnerability stems from an exploitable aspect of the “forgot password” feature, which, alarmingly, solely necessitates knowledge of the user’s email address (Hasegawa et al., 2019).
In essence, social logins for the dating profile may give the attackers information about who you are friends with. Match, eHarmony, EliteSingles, and LDS Singles collect most of the data. They require six data points and five voluntary data points. The only data they do not collect is the user’s HIV status. Intriguingly, SilverSingles, a dating app tailored for older adults, maintains a similar data collection pattern, requiring six obligatory data points and permitting users to volunteer three additional points. All of the apps require location information except OkCupid, where location is optional. The commonalities across these platforms include the mandatory provision of a phone number, email, birth date, and photos during the account creation process. However, a notable exception arises with Grindr, a dating app catering specifically to the gay community, as it uniquely requests users to disclose their HIV status, which is not optional for users during sign-ups. Tinder collects the user’s sexual orientation, messages, work information, exact location, phone number, any sent messages, and Spotify playlists. We have collected 12 data points that the applications collect from users during sign-up and from the applications’ privacy policies.
Our security analysis with MobSF shows that the 10 apps possess 15 distinct permissions culminating in a cumulative total of 61 dangerous permissions, as shown in Table 1. Dangerous permissions give apps additional access to restricted user data or let apps perform restricted actions that substantially affect the system and other apps (for Developers, 2024). These permissions have the potential for misuse. Tinder (n = 10) and Christian Mingle (n = 10) stand out with the highest number of dangerous permissions requested by their respective apps, signifying a potentially elevated level of access to restricted user data or system functionality. This finding gains significance, especially considering research highlighting Tinder as the predominantly used application among older adults (Pew Research Center, 2023; Suciu, 2021). In contrast, EliteSingles uniquely refrains from seeking any dangerous permissions, highlighting a stringent approach to data access and user privacy. On the spectrum of security and risk levels, EliteSingles not only attains the highest security score at n = 64 but also achieves the lowest risk level, categorized as “Low”. Conversely, Grindr and Tinder, which show the lowest security scores at 37 and 34, respectively, raise concern with a ‘” risk level designation. Interestingly, SilverSingles (specifically designed for people over 50 years) (n = 3) exhibits a minimal number of dangerous permissions, aligning with its low to medium risk level.
Details of Application Permission Data Showing the Security Score, Risk Level, and Dangerous Permissions (MobSF).
In terms of the distribution of the permissions, we recorded 15 individual dangerous permissions spread among the apps. Four of these permissions are requested only once, namely AUTHENTICATE_ACCOUNTS, MANAGE_ACCOUNTS, USE_CREDENTIALS, and MOUNT_UNMOUNT_FILESYSTEMS.
In particular, four permissions were requested most often: READ_EXTERNAL_STORAGE (n = 9), WRITE_EXTERNAL_STORAGE (n = 8), ACCESS_FINE_LOCATION (n = 8), and CAMERA (n = 8). The READ_EXTERNAL_STORAGE permission allows an application to read the contents of external storage, granting access to stored data. In contrast, the WRITE_EXTERNAL_STORAGE permission extends this access to not only reading but also modifying and deleting external storage contents, thereby enabling a more comprehensive interaction with external files. The ACCESS_FINE_LOCATION permission lets an application use the Global Positioning System (GPS) of the mobile device, consequently pinpointing the user’s precise geographical location. Lastly, the CAMERA permission provides access to the mobile’s camera, allowing the application to capture images in real-time, presenting a potential privacy concern as it can capture visual data without user consent.
The dangerous permissions requested by these apps at run-time are sometimes critical but other times unnecessary. For example, permissions such as ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION requested by 6 and 7 apps, respectively, are essential to determine a user’s location. Permissions such as RECORD_AUDIO, as seen in Bumble, Grindr, Tinder, eHarmony, and Christian Mingle, may be required if the app allows users to record audio during chats. Otherwise, however, these apps can access the device’s audio path. The permission READ_PHONE_STATE required by Bumble, Grindr, Tinder, Christian Singles, and SilverSingles allows the application to access the phone features of the device and determine the phone number and the serial number of the device, whether a call is active, the number that the call is connected to and so on. Another permission, GET_TASKS, requested by Christian Mingle and LDS Singles, allows the application to retrieve information about current and running tasks in the device and may allow malicious applications to discover private information about other applications. The REQUEST_INSTALL_PACKAGES permission requested by OkCupid and Tinder allows malicious applications to try and trick users into installing additional malicious packages.
The distribution of permissions in online dating apps introduces privacy and security concerns, particularly for older adults, potentially exposing them to more significant risks than younger users. Among the 15 identified dangerous permissions, four—AUTHENTICATE_ACCOUNTS, MANAGE_ACCOUNTS, USE_CREDENTIALS, and MOUNT_UNMOUNT_FILESYSTEMS—are requested only once, indicating potential outliers that could lead to diverse privacy and security vulnerabilities. Notably, READ_EXTERNAL_STORAGE (n = 9), WRITE_EXTERNAL_STORAGE (n = 8), ACCESS_FINE_LOCATION (n = 8), and CAMERA (n = 8) emerge as frequently requested permissions, each with distinctive implications for older adults.
READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE enable extensive access to external storage, posing risks of data breaches and unauthorized modifications. The ACCESS_FINE_LOCATION permission, capable of pinpointing precise geographical locations, raises concerns about location privacy, potentially exposing older users to tracking or stalking. Furthermore, the CAMERA permission, prevalent in eight apps, presents a significant privacy risk, allowing real-time image capture without explicit user consent. Additionally, certain permissions, such as READ_PHONE_STATE and GET_TASKS, requested by multiple apps like Bumble, Grindr, Tinder, Christian Singles, SilverSingles, Christian Mingle, and LDS Singles, unveil potential privacy intrusions. The former grants access to sensitive phone details, including numbers and serial numbers, while the latter exposes information about running tasks, creating avenues for unauthorized access to private data. Furthermore, the REQUEST_INSTALL_PACKAGES permission, requested by OkCupid and Tinder, raises concerns about potential malicious package installations, particularly worrisome for older users who may be less tech-savvy.
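The per-app and per-permission tallies discussed above can be reproduced from manifests directly. The following is an added example, not code from the study or from MobSF: it assumes each APK's AndroidManifest.xml has already been decoded to text XML, uses only the permissions this article names as its flagged set, and runs on two constructed manifests for hypothetical apps.

```python
from __future__ import annotations
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# The permissions this article names as flagged "dangerous" in its MobSF reports.
FLAGGED = frozenset({
    "ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION", "AUTHENTICATE_ACCOUNTS",
    "CAMERA", "GET_TASKS", "MANAGE_ACCOUNTS", "MOUNT_UNMOUNT_FILESYSTEMS",
    "READ_EXTERNAL_STORAGE", "READ_PHONE_STATE", "RECORD_AUDIO",
    "REQUEST_INSTALL_PACKAGES", "USE_CREDENTIALS", "WRITE_EXTERNAL_STORAGE",
})


def flagged_permissions(manifest_xml: str) -> set[str]:
    """Return the flagged platform permissions declared in one decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name", "")
            prefix, _, short = name.rpartition(".")
            # Only platform permissions count; an app-defined permission that
            # reuses a short name (com.example.permission.CAMERA) is ignored.
            if prefix == "android.permission" and short in FLAGGED:
                found.add(short)
    return found


def tally(manifests: dict[str, str]) -> tuple[dict[str, list[str]], Counter]:
    """Map each app to its flagged permissions and count apps per permission."""
    per_app = {app: sorted(flagged_permissions(xml)) for app, xml in manifests.items()}
    per_permission = Counter(p for perms in per_app.values() for p in perms)
    return per_app, per_permission


def _manifest(package: str, permissions: list[str]) -> str:
    """Build a minimal decoded manifest (constructed sample input)."""
    body = "\n".join(f'  <uses-permission android:name="{p}"/>' for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">\n{body}\n</manifest>')


# Constructed sample data for two hypothetical apps; not taken from any real APK.
SAMPLE_MANIFESTS = {
    "app_a": _manifest("com.example.a", [
        "android.permission.INTERNET",            # not in the flagged set
        "android.permission.CAMERA",
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.CAMERA",              # duplicate declaration, counted once
        "com.example.a.permission.CAMERA",        # app-defined, ignored
    ]),
    "app_b": _manifest("com.example.b", [
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.RECORD_AUDIO",
    ]),
}

if __name__ == "__main__":
    per_app, per_permission = tally(SAMPLE_MANIFESTS)
    for app, perms in per_app.items():
        print(f"{app}: {len(perms)} flagged -> {', '.join(perms)}")
    for perm, count in per_permission.most_common():
        print(f"{perm}: requested by {count} app(s)")
```

Summing the per-app counts gives the cumulative figure in the same way the article's total of 61 is built from the 10 apps.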
Prominent dating apps like Match, Tinder, and Bumble have partnered with Garbo to provide users in the U.S. with insights into potential partners’ criminal records (Stardust et al., 2023). However, this initiative is limited to the U.S., and concerns arise regarding the handling of personally identifying information. Our analysis of eHarmony’s password practices revealed weak requirements: passwords could be only five characters long and composed entirely of letters and numbers, which impacted overall password strength (Abbott et al., 2018). A qualitative study shows people are concerned they are not in control of who is aware of their location through online dating applications (Tanner & Singh, 2021). Happn, an online dating application, shows how many times you have crossed paths with another user based on location history. A set of qualitative interviews found crossed paths for the convenience of meeting and establishing common ground with potential matches (Ma et al., 2017). Although online dating platforms have illustrated the value of location tracking, a study has shown that users can be victims of cybercrime through location-based real-time online dating platforms regardless of the platform, including protective features on user profiles (Centelles et al., 2021).
Limitations and Future Work
We examined the top 10 online dating apps, including one dedicated to older adults (SilverSingles) with a focus on users aged 50 and above. Although we aimed to analyze apps exclusively for users over 65, technical constraints and unavailable open-source code hindered our assessment of apps like OurTime and Academic Singles. To enhance our research, we plan to conduct user studies with older adults through semi-structured interviews and crowdsourced data collection methods, including surveys via Amazon MTurk and Prolific.
Conclusion
Online dating has become a popular way for people of all ages to meet and form romantic connections. However, it is desirable for older adults who may have more difficulty meeting potential partners through traditional means. To understand further, we conducted an in-depth study, performed an application-level security analysis of 10 popular online dating applications, and investigated the privacy policies and the data required to set up an account to determine data collection and usage. We also conducted a static analysis to determine the dangerous permissions requested by these apps. Identifying privacy-related conflicts and issues in online dating challenges that put privacy directly in conflict with other users and providing concrete suggestions for mitigating many significant challenges are two of our other contributions.
