Dating apps and privacy—how much (sensitive) data do users trade for romance?
Since the invention of the smartphone, people have become increasingly dependent on apps for everything—including dating. Given their function, dating apps often deal with personal information that many would consider particularly private in nature. As a result, harassment and scams are alarmingly common.
Concerns around this issue are high enough that Tinder, one of the most popular dating apps globally, has started introducing ID verification to combat criminal activity.1 While the aim is to enhance the safety of its users, this change also means that the app will hold and process sensitive documents such as driver’s licenses and passports, which could lead to people revealing even more than they would like and put them at higher risk in case of a data breach.
To gain a better understanding of the potential impact dating apps may have on users’ privacy and security, Incogni’s research team analyzed the top 9 dating apps identified by Forbes.2 We looked into their data collection and sharing practices and past incidents involving the breach, leak, loss, or mishandling of user data.
It’s worth noting that Facebook dating is only available through the Facebook app, meaning that some data the app discloses collecting and sharing might not be strictly relevant to the dating functionality.
Key insights
- The majority of dating apps (Facebook, Bumble, Hinge, Plenty of Fish, Coffee meets Bagel) collect information on sexual orientation and political and religious beliefs. Some also collect information on race and ethnicity.
- All the apps share “other info,” which may include gender identity, date of birth, and veteran status.
- The most sensitive shared data points include purchase history, shared by Bumble, and approximate location and apps, shared by Hinge, Plenty of Fish, Tinder, and BLK dating.
- The majority of the investigated dating apps experienced data incidents, which included pictures of users being scraped and published online.
Data collection and sharing
For the 9 apps we investigated, the average number of data points collected was 20. Facebook collects the most data at 37 data points and Feels – dating & friends collects the least at only 3 data points.
Facebook collects data including contacts, calendars, files and docs, voice recordings, videos and photos, SMS and emails, fitness and health info, credit score, sexual orientation, and political and religious beliefs.
Bumble, Hinge, Plenty of Fish, and Coffee Meets Bagel all collect information on race and ethnicity, sexual orientation, and political and religious beliefs. Tinder and BLK Dating also collect sexual orientation.
It should be noted that all of the apps collect other data, which could include gender identity, date of birth, and veteran status.3
Also worth noting is that many apps allow users not to provide certain data points. Over half of the data points collected by Facebook are optional (a total of 24/37), for example.
Hinge allows its users to not disclose 8 out of 21 data points. If a user does not provide this data to the app, Hinge ends up collecting fewer data points than Plenty of Fish, Tinder, and happn (assuming the user discloses as little as possible to them as well).
Plenty of Fish and Coffee Meets Bagel also allow for a notable exclusion of 7 data points (from 21 and 17, respectively). Bumble, Tinder, happn, and BLK Dating each have 6 optional data points, while Feels has no optional data points.
Even more concerning than the data they collect, the dating apps we investigated share 7 data points each, on average. It’s also noteworthy that there’s a significant range, with 4 apps sharing 9 or more data points, while 2 apps claim to share none.
Tinder is the most generous, sharing half of the data it collects, meaning a whopping 10 data points reach third parties. Tied for second place, we see Hinge, Plenty of Fish, and BLK Dating with 9 data points shared by each. These are followed by happn with 6 data points shared and Facebook with 5 data points. Coffee Meets Bagel and Feels claim to not share any data points.
The most sensitive types of data being shared are purchase history, shared by Bumble, and approximate location and apps, shared by Hinge, Plenty of Fish, Tinder, and BLK Dating. Happn also shares approximate location, while Coffee Meets Bagel and Feels both claim not to share any info.
Purposes
Along with what information they collect and share, Google Play requires developers to disclose the reasons for sharing this data. While common purposes such as fraud prevention and account management are reasonable, users may want to watch out for the data these apps share for purposes like marketing.
The dating apps we investigated share the greatest portion of the data they collect for the purpose of fraud prevention (which constituted 58% of all purposes cited). Advertising and marketing was the second-most cited purpose (28% of all purposes).
Given that advertising or marketing is a common purpose, our researchers took a deeper look into the data points apps share for this reason.
- Happn shares approximate location for advertising, being the only app to give out user location (precise or approximate) for such a purpose.
- Bumble and happn share user email addresses.
- Bumble and happn also share other personal information. This is a broad category but can include things like date of birth, gender identity, and veteran status.
- Bumble, Tinder, Hinge, Plenty of Fish, and BLK Dating share app interactions, which can include a broad range of things such as gameplay in games or user likes in platforms where “liking” is an option, essentially encompassing user activity in the app.
Data incidents
Where sensitive information such as financial information, sexual orientation, and political and religious beliefs are involved, data security can be an area of concern for users. To gain a general understanding of how big of a concern this may be, our researchers looked for instances of that data being mishandled, leaked, or otherwise affecting service users.
In no particular order, we found that:
- Bumble had left an unsecured database exposed to anyone who could find it. Seemingly, no user data was accessed before the issue was discovered, but data like users’ physical characteristics, location, and education information were exposed for at least 7 months.
- Tinder saw the pictures of around 16,000 users scraped and made available on a cybercrime forum. A total of approximately 70,000 photos were gathered and made available online in late 2019.
- Coffee Meets Bagel issued a statement in 2019 that some user data was accessed by an unauthorized party. Details are scarce for this event, but the company claims no sensitive data was affected.
- Facebook, not specifically Facebook Dating, has been subject to many data-related incidents, some resulting in fines for data mishandling. Notably, the user data of those active on the platform between 2018 and 2019 was accessed by an unauthorized party and later leaked online in 2021.
- Plenty of Fish received a report from a white-hat hacker in 2019 that information designated as “hidden” was publically accessible by other users on the platform. Hidden data could have included things like users’ zip codes. It’s not known whether this was abused by nefarious actors.
Conclusions
The nature of dating apps requires users to give up a lot of personal information. Things like sexual orientation, location, and photos are all but essential to how they function. Users trust apps to safeguard this data, but that trust may sometimes be misplaced. It’s important for users to exercise their best judgment when it comes to sharing optional data with dating apps and the strangers they encounter there.
App developers also have a responsibility to safeguard their users. Tinder’s new ID verification is one way to do just that. However, apps that collect a lot of data, especially sensitive documents such as passports and driver’s licenses, can still pose a significant risk, even if they share very little of that information. Incidents of users’ personal information being exposed, intentionally or otherwise, occur with significant frequency, meaning that greater data safety measures must also be put in place to protect users.
Methodology
Incogni’s research team identified some of the most well-known dating apps based on a ranking by Forbes. On January 29, 2024, the research team then collected information about these apps from the Google Play Store, noting what user information the selected apps collected and shared and for what purposes.
It’s important to note that Facebook Dating is only available through the Facebook app, meaning that some data the app discloses collecting and sharing might not be strictly relevant to the dating functionality.
For detailed information used in this study, visit our public dataset.
Sources
- TechCrunch. “Tinder is expanding ID verification to the US, UK, Brazil and Mexico.” Published February 20, 2024. https://techcrunch.com/2024/02/20/tinder-is-expanding-id-verification-to-the-us-uk-brazil-and-mexico/.
- Forbes. “Best Dating Apps of 2024, According to Research.” Accessed January 29, 2024. https://www.forbes.com/health/dating/best-dating-apps/.
- Google Console Help. “Provide information for Google Play’s Data safety section.” Accessed February 5, 2024. https://support.google.com/googleplay/android-developer/answer/10787469?sjid=9053211159761541022-EU.
Visuals
We welcome the reuse of our images if proper attribution is given to Incogni. The charts, graphs, and tables used in this research can seamlessly embed into your website. Use the menu that appears at the top right of the visual when you hover over it with your mouse. When embedded, these visuals maintain their interactivity and preserve their original quality.