More specifically, in Tinder, Happn and Bumble users can add information about their job and education.

Some apps only allow users with premium (paid) accounts to send messages, while others prevent men from starting a conversation.

These restrictions don’t usually apply on social media, and anyone can write to whomever they like.

The attack is based on a function that displays the distance to other users, usually to those whose profile is currently being viewed.

Even though the application doesn’t show in which direction, the location can be learned by moving around the victim and recording data about the distance to them.

This is done using the authentication token the app receives from Facebook.

By modifying this request slightly – removing some of the original request and leaving the token – you can find out the name of the user in the Facebook account for any Happn users viewed.This method is quite laborious, though the services themselves simplify the task: an attacker can remain in one place, while feeding fake coordinates to a service, each time receiving data about the distance to the profile owner.During our research, we also checked what sort of data the apps exchange with their servers.Information about users in all the other apps is usually limited to just photos, age, first name or nickname.We couldn’t find any accounts for people on other social networks using just this information. In one case the search recognized Adam Sandler in a photo, despite it being of a woman that looked nothing like the actor.If the app included an option to show your place of work, it was fairly easy to match the name of a user and their page on a social network.