Plenty of Fish app was leaking users’ hidden names and postal codes
Dating app Plenty of Fish has pushed out a fix for its app after a security researcher found it was leaking information that users had set to “private” on their profiles.
The app was always silently returning users’ first names and postal ZIP codes, according to The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog.
The leaking data was not immediately visible to app users, and the data was scrambled to make it difficult to read. But using freely available tools designed to analyze network traffic, the researcher found it was possible to reveal the information about users as their profiles appeared on his phone.
In one case, the App Analyst found enough information to identify where a particular user lived, he told TechCrunch.
Plenty of Fish has more than 150 million registered users, according to its parent company IAC. In recent years, law enforcement has warned about the threats some people face on dating apps, like Plenty of Fish. Reports suggest sex attacks involving dating apps have risen in the past five years. And those in the LGBTQ+ community on these apps also face safety threats from both individuals and governments, prompting apps like Tinder to proactively warn their LGBTQ+ users when they visit regions and states with restrictive and oppressive laws against same-sex partners.
A fix is said to have rolled out earlier this month for the information leakage bug. A spokesperson for Plenty of Fish did not immediately comment.
Earlier this year, the App Analyst found a number of third-party tools were allowing app developers to record the device’s screen while users engaged with their apps, prompting a crackdown by Apple.