D list dating
In addition, the module sends the server information about which app functions the victim is currently using.
It should be noted that in the i OS version of Paktor all traffic is encrypted.
Some apps only allow users with premium (paid) accounts to send messages, while others prevent men from starting a conversation.
These restrictions don’t usually apply on social media, and anyone can write to whomever they like.
Most of the applications use SSL when communicating with a server, but some things remain unencrypted.
For example, Tinder, Paktor and Bumble for Android and the i OS version of Badoo upload photos via HTTP, i.e., in unencrypted format.
As a result, an attacker can end up with the email addresses not only of those users whose profiles they viewed but also for other users – the app receives a list of users from the server with data that includes email addresses.
This problem is found in both the Android and i OS versions of the app. Some of the apps in our study allow you to attach an Instagram account to your profile.
During our research, we also checked what sort of data the apps exchange with their servers.
We’re talking here about intercepting and stealing personal information and the de-anonymization of a dating service that could cause victims no end of troubles – from messages being sent out in their names to blackmail.
We took the most popular apps and analyzed what sort of user data they were capable of handing over to criminals and under what conditions.
The information extracted from it also helped us establish real names: many people on Instagram use their real name, while others include it in the account name.
Using this information, you can then find a Facebook or Linked In account.This allows an attacker, for example, to see which accounts the victim is currently viewing.