
2018 | OriginalPaper | Book chapter

When Harry Met Tinder: Security Analysis of Dating Apps on Android

Written by: Kuyju Kim, Taeyun Kim, Seungjin Lee, Soolin Kim, Hyoungshick Kim

Published in: Secure IT Systems

Publisher: Springer International Publishing


Abstract

As the number of smartphone users has increased, so has the popularity of dating apps such as Tinder, Hinge, Grindr and Bumbler. At the same time, however, many users have growing privacy concerns about these applications disclosing their sensitive and private information to other service providers and/or strangers. This concern is exacerbated by the nature of dating apps, which require access to users’ personal content such as chat messages, photos, video clips and locations. In this paper, we present an analysis of security and privacy issues in popular dating apps on Android. We carefully analyze the possibility of software vulnerabilities in the five most popular dating apps on Android through network traffic analysis and reverse engineering of each app. Our experimental results demonstrate that user credential data can be stolen from all five applications; three apps may lead to the disclosure of user profiles, and one app may lead to the disclosure of chat messages.

Metadata
Title
When Harry Met Tinder: Security Analysis of Dating Apps on Android
Authors
Kuyju Kim
Taeyun Kim
Seungjin Lee
Soolin Kim
Hyoungshick Kim
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-030-03638-6_28
