TechnologyCrunch A group of researchers from KU Leuven University in Belgium identified six popular dating apps that malicious users can use to determine the near-exact location of other users. The dating apps, including Hinge, Happn, Bumble, Grindr, Badoo and Hily, exhibited some form of “trilateration” that could expose users’ approximate locations, prompting some of the apps to take action and beef up their security, according to the report. The published article.
The term “trilateration” refers to a three-point measurement used in GPS to determine the relative distance to a target. All six of the applications mentioned fall into one of three categories of “trilateration,” including “exact distance trilateration,” where a target is accurate to “at least 111 m by 111 m square (at the equator),” “rounded distance trilateration,” or “oracular trilateration,” where distance filters are used to approximate a rounded area much like a Venn diagram.
Grindr is “amenable to exact distance trilateration,” while Happn falls under “rounded distance trilateration.” The remaining four fall under “oracle trilateration,” though Hinge and Hily hide their users’ distances, according to the article.
Karel Dhondt, one of the researchers involved in the study, said TechnologyCrunch that a malicious user could locate another user up to “2 meters” away using oracle trilateration. This method involves the malicious user making a rough estimate of the victim’s location based on their profile and working in increments until the victim is no longer nearby across three different positions and triangulating the data to a single point.
Bumble’s vice president of global communications, Gabrielle Ferree, told the website that it “quickly resolved the issues described” with its distance filter last year. Hily co-founder and CTO Dmytro Kononov said in a statement that an investigation revealed “a potential possibility of trilateration,” but “exploiting this for attacks was impossible.”
Happn CEO and President Karima Ben Adelmalek said: TechnologyCrunch They discussed trilateration with Belgian researchers. He says that an additional layer of protection designed to prevent trilateration “was not taken into account in their analysis.”
Grindr's chief privacy officer, Kelly Peterson Miranda, said users can turn off distance display from their profile. She also noted that “Grindr users are in control of the location information they provide.” Badoo and Hinge did not respond with a comment.
Other dating apps have taken extra steps to ensure their users are talking to real people and not spambots or fake accounts. In February, Tinder began requiring users in the United States, the United Kingdom, Brazil and Mexico to upload a copy of an official driver’s license or passport along with a video selfie as part of a new advanced identity verification system.
