Raw Dating App Left User Data Unprotected, Exposing Private Details For All To See
Raw was launched in 2023. The app encourages users to post unedited, real-time pictures of themselves taken with their phone cameras each day. The developers of the app claim posting daily photo updates fosters real conversations and reduces catfishing or scams on the app. However, concerns have emerged about its ability to protect user information on its platform. A new report claims that a bug in the app makes it easy to access a user's sensitive information, such as their display names, date of birth, sexual preference, and even their location.
Security researchers created a "virtualized Android device" and registered on the app using fake data to monitor its activity. During testing, it was discovered that the app "was pulling the user's profile information directly from the company's servers, but that the server was not protecting the returned data with any authentication." This security flaw makes it easy for anyone with some technical knowledge to access the details of users registered on the app.
In response to the discovery, Marina Anderson, the co-founder of Raw, informed TechCrunch that "All previously exposed endpoints have been secured, and we've implemented additional safeguards to prevent similar issues in the future."
Prior to this finding, Raw had announced that it would be introducing a wearable ring, which it claims will allow users to track their partner's location, heart rate, and other data to alert them to potential infidelity. However, considering this security lapse, users may likely find it difficult to trust that kind of data with the company.
It's worth noting that while it may be impossible to prevent all data breaches, users can protect themselves by limiting the information they share online. If it's shared online somewhere, it's likely to be comprimised at some point.
