Over the last decade, dating apps such as Tinder, Badoo, Grindr and Bumble have gone from being a novelty to a widely used digital tool, with millions of users seeking romantic, social or casual relationships.
However, this exponential growth has brought with it significant challenges in terms of cybersecurity and data privacy. These platforms handle highly sensitive information (location, photos, personal preferences), making them an attractive target for cybercriminals.
Carried out by: Sol Montejano | Andy Rodríguez | César Mendoza
Programme: Cybersecurity Master
Technologies: Flutter | Firebase | OWASP | SHA-256 | AES-256
What is the motivation?
The project aims to mitigate emerging cybersecurity and privacy risks in dating apps, which have become a major channel for forming relationships and which handle highly sensitive information.
Program aims
- Identify the main cybersecurity risks that affect these applications and their impact on user privacy.
- Research international regulations and best practice in data protection for mobile applications.
- Create a prototype of a dating app with a focus on security, in line with the OWASP Top 10 guidelines.
- Provide preventive measures and best practice so that both users and developers can strengthen their defences against common threats.
Methodology
To develop the «Citas App» prototype, a defence-in-depth architecture (client-server) with a modular, layered design was adopted. The client (front-end) was built using Flutter, whilst the simulated back-end handled the security logic and data storage.


OWASP-based security strategy
The prototype was divided into modules addressing different aspects of security, in line with the OWASP principles:
- Authentication and Access Control (OWASP A01, A07).
- Identity Verification (OWASP A04, A08).
- Data Protection and Configuration (OWASP A02, A03, A05).
- Vulnerability Monitoring and Management (OWASP A06, A10).
Results
A survey of dating app users revealed a poor culture of cybersecurity and a high level of risk exposure. 76% of those surveyed have received suspicious messages or links, and 32% have been the victim of fraud or identity theft. In addition, 68% do not use two-factor authentication.
The «Citas App» prototype proved to be a solid foundation for a real-world implementation. Through attack simulations, the correct application of OWASP principles was validated, and the logging system proved crucial in diagnosing security responses.
