Abstract

In today's age of instant gratification, mobile dating applications (apps) provide the comfort of meeting new people at the swipe of a finger. However, recent high-profile incidents have raised security and privacy-related concerns with the use of these apps. The harm that can be inflicted on a victim using these apps can be either physical (e.g., murder, stalking, or sexual assault) or non-physical (e.g., identity theft, harassment, or cyber-stalking). In this paper, we study seven popular Android mobile dating apps, and the Google Chrome browser app (which can be used to access a particular dating service). Using an adversary model, we demonstrate how one can trivially conduct a man-in-the-middle attack against these mobile dating apps. The results of our study reveal that mobile dating apps are potentially vulnerable to security risks. In particular, our findings show that an adversary can intercept personal and private information in plaintext. This information can then be used to access a potential victim's mobile dating app profile. With our findings in mind, we then explain how the Routine Activity Theory can be applied to design mitigation strategies for mobile dating apps.

  • Publication date: 2021-6