Safe love in the digital age. What dating apps know about us?

With Valentine’s Day right around the corner, we can already hear the distant sounds of keyboards clacking and thumbs frantically swiping right!

If you’re one of those people scrambling for a last minute date via a dating app, your personal data is probably the last thing on your mind. But, according to a 2020 study by Pew Research, 57% of online daters are concerned about the collection of their personal data, so perhaps you should be too.

Dating apps are hugely popular and are clearly here to stay (the pandemic has only solidified this trend). According to a 2019 survey by Stanford University, meeting online has become the most popular way for US couples to connect.

This article aims to answer one simple question: just how safe is digital dating in terms of your data? Let’s take a look.

Putting the data in dating

It’ll hardly be a shock to anyone that amassing huge amounts of user data is part and parcel of how dating apps operate. This means that, unless new business models emerge, when you go onto a dating app you should expect them to collect a lot of your data.

How do dating apps use your data?

Online dating companies swear blind that none of your data is sold to third parties. That may be so, but it doesn’t stop them from using it themselves.

There are two main ways your data is likely to be used. Firstly, to show you ads that are (hopefully) relevant to you – after all, that’s how they make their money. And secondly, to match you with potential partners using big data algorithms.

In addition, like most other tech platforms these sites are obliged to hand over your data to the government or law enforcement in the case of suspected criminal activity.

These are the basics of how your data gets used. But look for a more specific answer and things get murkier.

You see, online dating services aren’t exactly known for their willingness to play ball when it comes to explaining how their algorithms use your data. In fact, they treat these algorithms as, in the words of a Tinder spokesperson, “proprietary tools” that are “a core part of our technology and intellectual property”. In other words, we’re not going to tell you how these algorithms use your data.

According to Wired, dating app algorithms are typically based on a combination of stated preferences and something called “collaborative filtering”. This is where the algorithm tracks who similar users have said yes or no to, and looks for patterns that could be applied to you.

But beyond this, the simple answer to the question, “How do dating apps use your data?” is: we don’t know.

There might be some ways to find out. For example, you could request your data to be shared with you via frameworks like the EU’s General Data Protection Regulation (GDPR) – in 2017, a journalist received 800 pages of data from Tinder on themselves after making a request like this.

What types of data are dating companies collecting?

So, we’re still a bit in the dark as to how your data might be used. But we do know more about the volume and types of data these apps are likely to collect.

In terms of volume, the numbers are mind boggling – eHarmony alone currently stores around 25 terabytes of data on its servers!

But let’s take a closer look at two important types of data being collected.

Signup / profile data

You’ll need to give a phone number at signup, or sign up using Facebook or another social media account. Choosing the latter option means your pictures will be uploaded to the app by default.

All the data you provide in your profile (age, occupation, political views, etc.) will be stored on the platform. If you link your Instagram and Spotify accounts to the app, your images and favourite music will be pulled automatically.

Location data

Some apps (Mamba, Badoo, OkCupid, Pure, and Feeld) allow users to enter their location data manually, rather than enabling the GPS function, which reduces the chances of unwanted approaches in “meatspace”.

And many allow third-party GPS spoofing apps like AnyGo or iMoveGo. These provide some extra privacy. On the other hand, they could enable malicious characters to change their location data, then by marking the new distance from a desired user they can work out their actual location.

Most services provide a decent margin of error in terms of your exact location. But some (e.g., Mamba) are accurate down to the nearest meter, which might be a bit scary.

Tinder and Bumble require access to location data, but disallow third-party GPS spoofing software, and Happn even has a function that allows you to see how many times (and where) you’ve crossed paths with other users. Yikes – stalker alert!

What are the risks?

The risks associated with dating apps – everything from theft of login credentials and payment scams to “sextortion” and stalking – depend on three things: 1) how much data you’re required to provide; 2) how much you’re willing to disclose; and 3) the security protocols implemented by the platforms themselves.

In terms of security protocols, it’s worth noting that all dating apps currently use secure data transfer protocols. This makes it very difficult to intercept other users’ messages, and helps to prevent so-called man-in-the-middle (MITM) attacks.

You should also be aware that messages and cached images in most Android apps are stored on your device. This makes you vulnerable to Remote Access Trojan (RAT) attacks if the device has superuser (root) access rights. These attacks are quite rare, but just to be on the safe side, make sure you delete any unnecessary messages and images on a regular basis.

What about the amount of data you voluntarily share?

Well, the first choice you have is whether to link to your social media accounts. If you choose to do this, malicious users might gain access to your dating matches, home addresses, and other sensitive data (depending on your social media privacy settings).

Then it comes down to what you say and do on the dating app. It’s worth remembering that, unlike other services you use (Spotify for example), the data you share on dating apps is likely to be highly personal. The journalist who received 800 pages of data from Tinder saw in those pages, “My hopes, fears, sexual preferences and deepest secrets”. What if these were leaked?

Recommendations

“First of all, you should probably take a slight hit to matching accuracy and don’t share too much personal information,” said Justina Tamulevičiūtė, Risk Manager at Nord Security. “This includes entering your location manually, provided the dating app in question allows it. Next, always use two-factor authentication and delete or hide your profile when no longer in use to prevent any unauthorised tampering – you don’t want your old profile to be hijacked and turned into, say, a gambling ad farm. You should also take advantage of regulations like the GDPR to see what data dating apps have on you. Last but not least, use strong, unique passwords for extra protection”.

What does the future hold?

Looking into our dating app crystal ball, there are both positive trends and causes for concern.

On the positive side, the growing popularity of these platforms also means greater scrutiny of their practices. A case in point is the dating app security report published in 2021 by SecureList, which identified substantial progress in many key areas. These include more secure data transfer protocols, openness regarding past failures, and even “bug bounty” programmes that encourage “ethical hackers” to sniff out potential vulnerabilities.

Another positive trend is the growth of “matchmaking” rather than dating sites, many of which feature more human input, making the process less dependent on the whims and data usage of an algorithm.

But one big potential negative to look out for concerns these apps’ business models. As researchers who worked with one dating app recently pointed out in Harvard Business Review, the freemium model used by most dating apps is hard to monetize. This means these businesses are constantly trying to balance growing their network vs growing their profits. Might some of them turn to selling (as opposed to just sharing) your data with 3rd parties to balance their books?

Just like the question itself of how dating apps use your data, a lot remains unclear.

But, however you find your date this Valentine’s Day, remember to be careful as to how much data you share. You never know who might be using it.