Victor Le Pochat and Karel Dhondt from the University of Leuven talk about how API vulnerabilities can expose PII
Michael Novinson • August 23, 2024
The collection and potential leak of precise location data by dating apps poses significant privacy risks, as users are more likely to divulge sensitive information and are at risk of stalking, harassment and physical harm, said Victor Le Pochat, a postdoctoral researcher at the Belgian research university KU Leuven.
Some of the apps “have the same vulnerabilities as Tinder did 10 years ago,” Le Pochat said. “Of the 15 most popular dating apps we looked at, every single one of them leaked data,” said Karel Dhondt, a postdoctoral researcher at KU Leuven. “We found a staggering 99 data leaks.”
Another big concern is API vulnerabilities, where poorly protected interfaces could expose sensitive user information. While data minimization is an effective strategy, Dhondt says most apps don't adopt this approach, often prioritizing the collection and sale of user data.
In this video interview with Information Security Media Group at Black Hat 2024, Le Pochat and Dhondt also discussed:
- The type of data leaked (e.g., personally identifiable information and usage patterns).
- How secure coding practices and encryption mitigate the risks associated with dating apps.
- Why grid snapping can reduce the accuracy of your location data.
Le Pochat is a web security and privacy researcher. His research interests include large-scale web ecosystem exploration, web security research methodology, and the analysis and improvement of current research methods.
Dhondt's research interests include secure software development, security and privacy in online location-based services, integrating security measures into software engineering practices to enhance the security posture of software applications, and web security and privacy.