Your Neighbors Are My Spies: Location and other Privacy Concerns in Dating Apps

TL;DR

This paper investigates the effectiveness of privacy protections in popular dating apps like Jack'd and Grindr against trilateration attacks that threaten user location privacy.

Contribution

It evaluates current privacy measures in dating apps and assesses their ability to prevent location inference through trilateration.

Findings

Most apps' privacy protections are insufficient against trilateration attacks.

The 'hide distance' feature does not fully prevent location inference.

Potential improvements for privacy in location-based dating apps.

Abstract

Trilateration has recently become one of the well-known threat models to the user's location privacy in location-based applications (aka: location-based services or LBS), especially those containing highly sensitive information such as dating applications. The threat model mainly depends on the distance shown from the targeted victim to the adversary to pinpoint the victim's position. As a countermeasure, most of location-based applications have already implemented the "hide distance" function to protect their user's location privacy. The effectiveness of such approaches however is still questionable. Therefore, in this paper, we first investigate how popular location-based dating applications are currently protecting their user's privacy by testing the two most popular GLBT-focused applications: Jack'd and Grindr.