Widely used dating apps Bumble, Hinge, Grindr, Baoo, happn, and Hily were found to have design vulnerabilities that could enable malicious users to identify other users' locations down to two meters through oracle trilateration, TechCrunch reports.
While all of the identified apps shared exact locations for their "filters" functionality, such an issue has already been addressed by the apps through the rounding up the exact coordinates that rendered oracle trilateration techniques ineffective, according to a study from KU Leuven researchers. Immediate remediation of the flaw was noted to have been conducted by Bumble early last year, while Hily reported looking into the issue. "...[W]e engaged in extensive consultations with the authors of the report and collaboratively developed new geocoding algorithms to completely eliminate this type of attack. These new algorithms have been successfully implemented for over a year now," said Hily co-founder and Chief Technology Officer Dmytro Kononov.
