Dating apps can get pretty intimate with your data
Cuffing season, it turns out, is that time of year when singles hunker down with someone to keep them warm — temporarily. And Valentine’s Day more or less marks the end of it. So people are about to start flocking back to their dating apps.
They should know, though, that a lot of those apps are eager to vacuum up their personal data. Adrianus Warmenhoven, cybersecurity expert at NordVPN, told Marketplace’s Lily Jamali that metadata is among the tools apps can use to determine a person’s whereabouts and create a profile of the way they live.
The following is an edited transcript of their conversation.
Adrianus Warmenhoven: When you install the app, your operating system says, “This app wants to use your microphone or your audio.” And you, as the user, say, “Yeah, sure.” And dating apps actually ask for a lot of permissions. Some even are dangerous because they are system-level. Some are highly questionable, like biometric data. A lot of them just ask a lot of you, and they put it under the guise of, “Well, the more we know about you, the easier it is for us to find your match.”
Lily Jamali: And I think we’re all familiar with the idea that these apps are collecting our data. But get specific with me. What are some of the different types of data that are being collected?
Warmenhoven: One is location, access to your messaging and an important thing that people don’t realize is that there’s a lot of metadata. And metadata is a really dangerous thing because people have no feel or concept of it. But when you write a message, it has a timestamp and it probably has a location stamp. So with metadata, it can tell you what time is this person active. So you can build a whole profile of how a person actually lives. And if you have allowed GPS, you can see where they sleep. And if you have an idea where they sleep and you see GPS data for, like, eight hours in some other place, you know where they work.
Jamali: Can you give us the top two or three specific dating apps that you would describe as being particularly invasive?
Warmenhoven: That will be Tinder and Grindr. They ask for a lot more, also for messaging. And then there’s in-app browsing, where you can have the heat map of where a user clicks. [They] have permissions of the photos, the videos, the voice, the biometrics, the GPS location to find location permissions, and especially that one is the one that worries me a lot. But any app can also see what other apps are installed. So you can also get a lot of extra information there.
Jamali: What are the implications of this data being collected by online dating companies?
Warmenhoven: One is, of course, building this whole profile and monetizing this profile. These profiles can be just sold for advertising. But it can also be sold for political gains. So if you’re in a country that has, for instance, less LGBT protections, and you have GPS data, if you buy it from one of these dating apps as a government, you will know where a lot of these people can be found. So that will be a really bad idea.
Jamali: So a lot of us are accustomed to downloading these apps and accepting the terms of service. This also applies to granting permissions for notifications and things like that. I think you’d agree, we don’t always know what we’re giving platforms permission to do. So how can we get smarter about this?
Warmenhoven: Well, the first thing would be, especially on Android’s app store, there’s already this page About this app. And this will tell you in advance what permissions this app actually seeks. But what we can also do is, really, look online on privacy sites and get some reviews of a specific app. But in app stores, you can just easily click on the “About this app” and see that it wants to have your camera, your location. And you have to ask yourself, does it really need to do that, need to have that to do the function that it actually wants to do?
Jamali: I’m sorry, are you suggesting that I actually read the terms of service?
Warmenhoven: Well, the terms of service reading, I see as kind of hard work. A print of the Apple terms of service, [is] I think about 7 or 8 meters high. Most people don’t read books that long. Legally, you should because when you give consent, it’s a legally binding “yes” and you give permission. But in reality, I don’t know anyone except some privacy people I know who really have a hobby of reading those things. I don’t really know anyone, including myself, that ever reads these things.
Jamali: Is the onus on us, the user, or is this something bigger that might need some regulation?
Warmenhoven: I think it’s both. I also think that the politicians, the law, should put some more pressure on not just the app vendors, but also the whole social media, the platform owners, to protect their customers a bit more. Because they actually know, [but] act really surprised as if they don’t know, that all their users will just speed through any type of consent. But everybody in there, because they’re just the same humans as you and I are, would be really weird if they had lived in a parallel universe where they didn’t do the same thing. They know how they are. They know how the customers are, so looking surprised, Pikachu face, when somebody says, “Yeah, you really should do something about your app permissions.” Politics can really do, do something here.
Jamali: Pikachu face, I love that. I’m going to practice my Pikachu face. For those who already have dating apps installed on their phones, how would you recommend going into settings and checking that only necessary permissions are enabled?
Warmenhoven: I actually use the phone settings; you have to switch settings. And I really disable things like GPS, [near field communication], Bluetooth. And you have to be more conscious about what the app wants to do with your mobile phone. Think, “All right, I want to have a video chat with somebody,” then [it] obviously means I need to get permission for video, but not at any other moments around it. So when it asks, just by starting the app, “Give me video permission,” say no.
In 2017, a reporter at The Guardian requested her personal data from the dating app Tinder. She got back 800 pages of what she called “her deepest, darkest secrets.” That information included her Facebook likes, locations of photos on Instagram, which she then deleted. Also her education and the age-rank of men she was interested in. Plus, where each of her online conversations with matches had occurred.
A Dartmouth sociologist noted in the piece that we’re lured into giving away a lot of information about ourselves online. Seeing it printed out, though, is pretty creepy.
Stories You Might Like
The future of this podcast starts with you.
Every day, the “Marketplace Tech” team demystifies the digital economy with stories that explore more than just Big Tech. We’re committed to covering topics that matter to you and the world around us, diving deep into how technology intersects with climate change, inequity, and disinformation.
As part of a nonprofit newsroom, we’re counting on listeners like you to keep this public service paywall-free and available to all.
Support “Marketplace Tech” in any amount today and become a partner in our mission.
