Vulnerability in Dating App Bumble Leaked Users’ Exact Location

bumble

Whilst there are many fun and useful things to admire about modern technology, people are also becoming acutely aware that convenience has a secret cost. We give our phones a lot of information, but we don’t really know who’s monitoring it or what they’re doing with our data. A couple of examples: supremely daft game Angry Birds worked out which of their users also downloaded gay dating apps; and an app that tracks menstrual cycles sold data which told the buyer if users were interested in getting pregnant, or had abortions or miscarriages. Whatever your stance on sexuality or family planning, it seems pretty clear that these are private things that affect individuals and should be shared at their discretion, not because a giant (and shady) company decided that this was their information to disseminate.

Another concern is location-sharing. It’s comical, really: people of my son’s age were raised when computers were becoming more widely used, and the first thing that they were told is that we should never, ever give out our address online. That’s still good advice, but perhaps better advice would be “be careful when using an app that can access your location, because that’s basically the same as sharing your address”. 

Now it’s 2021. A lot of single people (and a few not-so-single people) use location-based dating apps that let you know if there is anyone who’d like to date you, and how far away they are. It’s a convenient way to get laid. It shouldn’t put you in danger. However, software engineer and hacker Robert Heaton has found a way to locate someone using technology from Bumble.

I’m going to be honest: I don’t really understand how he did it. There was some garbled techno-speak and a step-by-step guide, but eventually his words faded into static, like an old TV. If you’ve watched Mr Robot or listened to anyone talk about cryptocurrency, you’ll know the feeling. It doesn’t matter how he did it, though: the important thing is, that with a few hours and a bit of dedication, Heaton was able to find the exact and current location of his mark.

I think I should be clear: Heaton told Bumble about his method and they gave him some money and made changes to make sure that this won’t happen again. Or at least, Heaton’s method wouldn’t work. We all know that hackers love a challenge and could probably do this again, if they want to. In the past, hackers have accessed information stored by the US military, NASA, Apple, the NHS, and numerous dating apps.

So perhaps it’s not about keeping data secure. Perhaps instead we should ask why these apps are so determined to know so much about us. I don’t see why I need to share my exact location with a dating app: a ZIP code or the name of a town or city would work just as well. If you’re travelling to a different area and want to hook up  when you’re away, you could add a temporary location so you don’t need to miss out on any of the fun. It’s not necessary for Bumble (or any other dating app) to tell me how many miles away another person is, I just want to know that I can get to them, so long as they give me consent and we arrange to meet up.

Much like my desire to keep my sexual orientation and menstrual cycle private (ok, I don’t menstruate, but that’s not the point), I also don’t think that random people should be able to access my location. Those are just my musings as an individual. It gets much, much worse when you think about how this could be used to harm people in (or leaving) abusive relationships or anyone who is being stalked. It’s yet another way to keep tabs on someone without their knowledge or consent, which is simply unacceptable and absolutely dangerous. Dating apps have a responsibility to keep their users safe from those who would harm them, and this includes storing their data safely and considering how much information they really need.

This leaves us in an uncomfortable position. We all know that the world isn’t perfect and that the way things should be isn’t always how they are. I want to be able to find love (or sex) on a dating app, and I want my information to be secure and my safety prioritised by anyone who wants access to it. I don’t know if I’ll delete Bumble based on this story, but I can see why someone might. If you do choose to remain there, consider looking into keeping your location obscure or pressuring Bumble to make this an option. It’ll be better for everyone.

Leave a Reply

Your email address will not be published. Required fields are marked *