Bumble and Hinge Let Creeps See Your Exact Location

It was way too easy for these researchers to figure this out.

White Hat Daters

It doesn't take much work for creepazoids to detect your exact location on dating apps, a new study from a group of privacy-minded researchers shows.

In a paper out of Belgium's Katholieke Universiteit Leuven, researchers found that among 15 dating apps they'd analyzed, several — including Bumble, Hinge, and Grindr — had alarmingly simple vulnerabilities that would allow bad actors to essentially triangulate a target's location down to a few meters.

These vulnerabilities are, generally speaking, associated with what's known as "trilateration." As the name suggests, this method — which is often utilized by GPS apps — exploits multiple accounts to create overlapping circles a la Kamala Harris' favorite type of diagram, and then estimating a smartphone's location from there.

While apps knowing where you are generally located is helpful when trying to date locals, a few simple techniques allow those with ulterior motives beyond sex and romance to figure out far more precisely where their "victims," as the researchers call them, are posted up.

Zoom In

As anyone who's ever used Grindr knows, that app's GPS targeting has historically been very, very precise, which ultimately results in what's categorized as "exact distance trilateration." In the past, Grindr has been found by other researchers to be especially vulnerable to bad actors working in collusion with each other to "bound" a third user's location and try to pinpoint where they are — which in rural areas or other parts of the world where queerness is criminalized could be extremely dangerous.

For other apps, however, the location sharing is most often more general to protect user safety, but using what's called "oracle trilateration," creeps can infer beyond general location — like the city a user is in — to more precisely where a target is located.

"Initially, the adversary roughly estimates the victim’s location... and places themselves in this location to be within proximity," the paper explains. "The attacker then incrementally moves themselves until the oracle indicates that the victim is no longer within proximity, and this for three different directions. The attacker now has three positions with a known exact distance... and can trilaterate the victim."

As TechCrunch reports, all the apps that the KU Leuven researchers contacted ended up changing their distance filters to head off this sort of sketchiness — but it's still pretty jarring that it took a step-by-step revelation of these vulnerabilities to get them to do so.

"It was somewhat surprising that known issues were still present in these popular apps," bemoaned Karel Dhondt, one of the KU Leuven researchers who worked on the paper, in an interview with TechCrunch.

More on dating apps: Catholic Priest Sues Grindr After He Gets Caught Using It