The more that Americans work (and consequently drink), bring their devices to work (BYOD), and prepare for Valentines Day, the more companies are at risk of having sensitive corporate data stolen through dating apps.
A report released by IBM said that over 60 percent of 41 tested dating apps had either medium or high security vulnerabilities. The study tested apps running on Android, which had security issues in the past with malicious programs being available on Google Play.
More frighteningly, IBM said that infected apps could potentially download malware, track movements via GPS, hijack the user’s dating profile, steal credit card numbers, or even access and control the phone’s microphone or camera.
Dating apps have exploded in popularity, and according to a 2013 Pew Research study, 38 percent of people that are “single and looking” have used a dating site or mobile app.
The easy-to-use and swipe-controlled Tinder is an example of a mobile app that could easily be installed on a company phone. Tinder’s former CEO Sean Rad said in 2014 that users swipe through 1.2 billion profiles a day.
Be careful of who you trust
But the disconnect between mobile apps and the access they offer to users’ personal information has grown.
“Many consumers use and trust their mobile phones for a variety of applications. It is this trust that gives hackers the opportunity to exploit vulnerabilities like the ones we found in these dating apps,” said Caleb Barlow, Vice President of IBM Security.
Tinder has already been the target of criticism over briefly exposing users’ locations, but it wasn’t one of the vulnerable apps listed by IBM.
InterActiveCorp (IAC), which owns Tinder and other popular dating apps like Match and OkCupid, said in an email to Reuters that it received the report from IBM, and that its apps didn’t have the “cited vulnerabilities.”
Protection is important
At this point, it can’t be emphasized enough that a comprehensive BYOD plan is necessary for companies. IBM recommends that companies educate their employees about where to download apps and what sites to trust, to set up triggers to warn the company if a device has a malicious program, and to take advantage of enterprise mobility management (EMM) and IBM’s mobile threat management (MTM).
“Consumers need to be careful not to reveal too much personal information on these sites as they look to build a relationship. Our research demonstrates that some users may be engaged in a dangerous trade-off – with increased sharing resulting in decreased personal security and privacy,” Barlow said.
Another way of protecting the security of the devices your employees use is to adopt a mobile device management software solution. These applications allow you to keep track of company mobile devices, with many offering monitoring and security features to give you control over your mobile inventory and to help protect your corporate data.