Android dating app developers fail at securing their code

Feb 27, 2016 01:35 GMT

Most of today's top dating apps listed on the official Google Play Store aren't really that secure, says Min Pyo Hong, CEO and founder of SEWORKS, a San Francisco-based security solutions company.

Mr. Hong says that his company's security experts selected five random apps among the Top 10 dating apps listed on Google Play.

His researchers found it extremely easy to decompile these apps using decompilation tools that can be freely downloaded online. This process gave the researchers easy access to the apps' source code, which in turn would allow a hacker to modify and re-compile an app to exhibit malicious behavior.

Android dating apps have no decompilation protections, don't obfuscate code

All five tested apps were easy to decompile. Additionally, none of their source code was obfuscated, meaning the code and comments were easy to read once decompiled.

Even worse, Mr. Hong says that in the case of some of these dating apps, their developers left hard-coded login credentials for various servers they were using for the app's backend.

SEWORKS researchers found credentials to Facebook Parse accounts and Taplytics, a third-party mobile analytics provider and A/B testing platform.

Because these login details were left inside the source code, any hacker who had the brains to decompile the app and look at the code would have had access to the app's backend, where user information and even financial details could be discovered.
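A developer can catch this class of mistake in their own project before release. The following pre-release check is an added example, not SEWORKS' tooling or code from any of the tested apps; it flags string literals passed to the Parse and Taplytics SDK initialisers and literals assigned to secret-looking names. The sample source, its keys, the `keyFromServer` variable and the length and entropy thresholds are all constructed for illustration.

```python
import math
import re

# Initialisers of the two SDKs named in the article; a string literal passed
# to either one is a credential compiled into the APK.
SDK_CALL = re.compile(r'\b(Parse\.initialize|Taplytics\.startTaplytics)\s*\((.*)\)')
# A literal assigned to an identifier whose name suggests a secret.
NAMED = re.compile(r'(?i)\b(\w*(?:password|passwd|secret|api_?key|token)\w*)\s*=\s*"([^"]+)"')
LITERAL = re.compile(r'"[^"]+"')


def entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def scan(source, min_len=8, min_entropy=3.0):
    """Return (line_number, reason) findings for one Java source text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("//"):
            continue  # whole-line comment
        call = SDK_CALL.search(line)
        if call and LITERAL.search(call.group(2)):
            findings.append((lineno, call.group(1) + " called with a string literal"))
        for name, value in NAMED.findall(line):
            # Length and entropy thresholds (assumed values) skip short labels.
            if len(value) >= min_len and entropy(value) >= min_entropy:
                findings.append((lineno, name + " assigned a literal value"))
    return findings


# Constructed sample; every key below is made up for this example.
SAMPLE = '''\
public class DatingApp extends Application {
    private static final String API_TOKEN = "k3Jx9QmZ2pLw8VbT";
    private static final String TOKEN_HEADER = "X-Auth";
    public void onCreate() {
        Parse.initialize(this, "CONSTRUCTED_APP_ID", "CONSTRUCTED_CLIENT_KEY");
        Taplytics.startTaplytics(this, keyFromServer);  // hypothetical runtime value
    }
}
'''

if __name__ == "__main__":
    for lineno, reason in scan(SAMPLE):
        print("line %d: %s" % (lineno, reason))
```
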

Many dating apps had security issues in the past

This is not the first time a dating app has been exposed. In November last year, Pay4Bugs CEO & Founder Larry Salibra found a trove of security issues in the Tantan iOS app, a so-called Chinese Tinder clone.

A month later, developers of the Hzone dating app for HIV-positive singles forgot to secure a MongoDB server used for the app's backend, exposing details for 5,027 users.

A broader research study that analyzed the state of Android app repackaging and reverse-engineering in the Google Play store, also from SEWORKS, was published last November.