The founder of beAmore talked about the security problems of dating apps and their solutions
Users of dating services in all countries of the world often face problems related to the security of applications. Such problems include stalking, fraud and aggression from users, as well as numerous leaks of user data, which have unfortunately become commonplace. In a new material, the founder of the beAmore dating program, Vlad Vnuchkov, told Khabr what problems exist and how the service team solves them.
The departure from the Russian market of foreign dating applications, including Tinder and Badoo, became an incentive for the development of new Russian services. At least ten new dating services have entered the market in the last three months. The beAmore program was created for more than two years, but it coincided so that it entered the market on the day Tinder left Russia on June 30, 2023, Vlad Vnuchkov noted.
The growing number of new services on the market has raised the issue of user data protection and online dating security. The problem is relevant for all online dating users around the world. Conventionally, security incidents can be divided into three groups:
-
aggression, stalking or rudeness from other users;
-
fraud by some users against others;
-
leakage of personal, personal and payment data.
In the first two cases, online communication between people is little different from offline: both there and there are bullies, manipulators and their potential victims. In the third group of problems, which can be called technical, service developers are almost always to blame. The beAmore team has used several methods to help minimize errors and increase user safety.
Contents
People want to make new acquaintances in a comfortable and safe environment. But, according to statistics from the American research center Pew (Pew Research Center), 60% of women under 35 face stalking in dating applications, 57% receive indecent photos, 44% – offensive messages, 19% – threats of physical violence. Men face similar problems twice as often, but their number is quite large.
In Russia, the problems are similar — before starting the development of the program, the beAmore team surveyed more than 2,000 people about what they don’t like or what confuses them about modern dating services. It turned out that 65% of users of online dating services in Russia, both men and women, complain about fake accounts, 50% – about fraudsters and so-called scammers.
One of the first barriers to fake accounts and bots in the case of beAmore is paid subscription and enhanced verification. To register, the user must enter a phone number and confirm it by answering a call (callback). The level of access to the services of the application and the possibility of communication with other users directly depends on the completeness of filling out the questionnaire – if the profile is not filled out by more than 80%, the user will not be able to send messages to other people in the application.
To protect against stalking and unwanted content, the developers made a complaint, which is activated at the stage of viewing profiles, so that at any time the user can send a complaint about hate, harassment or offensive content with one click. In the first release of the program, all complaints are manually moderated by the customer service department. The processing of each complaint takes from 10 minutes to 1 hour: complaints about dickpicks are processed the fastest, it takes more time to moderate messages about registration in beAmore of a fraudster who previously “lit up” in other services.
After the complaint is moderated, the offending user’s profile is blocked, for any attempt to use the program’s functionality, he receives a message demanding that the violation be eliminated. If the violations are not eliminated or the profile receives repeated complaints, the content of which is confirmed by the moderator, the profile is permanently blocked, and the phone number is blacklisted to avoid re-registration.
All such complaints are classified, moderated and entered into the database with a decision. beAmore’s expectations that subscription access will allow for the formation of a quality audience are justified – at the moment, the number of accounts blocked due to complaints does not exceed 0.5% of the total number of users of the service.
In the next release, which is expected at the end of autumn, the beAmore developers plan to partially transfer the moderation of complaints to AI.
The Tinder Swindler vs II
Another global problem of dating applications is fraud with the use of social engineering, that is, finding out the maximum amount of information about a person and using it for selfish purposes by deception. In Southeast Asian countries, 45% of women victims of fraud have lost money due to the deception of virtual fans on dating services. In the United States in 2020 alone, losses from fraudsters in online dating services exceeded 300 million dollars, and in Great Britain – 68 million pounds.
The scale of the problem is so great that the British documentary film about the Israeli lover “The Tinder Swindler” (The Tinder Swindler) after its premiere on Netflix in the first week gained almost 50 million views. In Russia, there is still no available data on losses from dating scammers, but the problem also exists.
No matter how fraudsters try to disguise themselves, there are reference points that allow you to calculate them when trying to re-register from another phone number. This is identification with photos, by information in the profile, and if the photo and information can be replaced, then text style recognition works. At the stage of the first release, beAmore works to identify photos of new users with blocked ones and, in case of coincidences, to compare the styles of messages in manual mode. In the second release, it is planned to connect automatic II-checking of new profiles for coincidence with the database of fraudsters and unwanted accounts, which is formed and accumulated in the service.
The customer support services of quality dating apps pay attention to unusual user activity, such as mass sending of the same type of messages to different people from the same account or the publication of financial details of users within the service. beAmore blocks such accounts, which is indicated by a warning at the registration stage. To protect users from the selfish motives of other participants, attempts to advertise their goods or services within the program are also blocked.
In the future, major dating apps may create a unified unified database of such profiles to make it difficult for scammers and stalkers to register multiple times. Users of dating applications self-organize and create such databases in various social networks. Sooner or later, dating apps will realize that to ensure security, some information, namely the blocked profiles of attackers, can be exposed to competitors.
Why is the data “leaking”?
The personal data of users in any online application must be protected in accordance with the requirements of the law. But compliance with the letter of the law does not insure developers from making mistakes. Most often, as Vlad Vnuchkov notes, the following mistakes are made at the development stage:
-
no distributed database;
-
real IP addresses are not hidden, which opens the way to DDoS attacks;
-
poorly isolated front-end and back-end, which makes them vulnerable to hackers – it is important to build the server architecture of applications so that the back-end and front-end are located in separate isolated networks to minimize the risks of possible attacks;
-
user payment data is stored in the application, although this information must be processed and protected by specialized payment service providers;
-
savings on testers — speeding up application launch times, often customers are formal about testing possible bugs, the price of a mistake in this case is not only huge fines in case of leaks, but also reputation, which is critical for dating services.
Another frequent security problem of Russian dating services is the embedded code, for example, for displaying advertisements, which is regularly used by hackers and fraudsters. When using free services whose monetization is based on advertising, it is important for the user to be extremely careful and protect their bank and other accounts with at least two-factor authentication. Protecting against in-app hacks of this type should be a priority in IT design and operation, as in-app ads are an attractive target for hackers. In the case of beAmore, this risk is mitigated by the business model — the service works on a subscription basis and does not place any advertisements inside the program.
As a result, the basic rules of a safe online dating service: do not collect or store user payment data, constantly monitor all functions for bugs, monitor application stores for “clones” – hackers can create copy applications, and when choosing an “advertising” business – models to create a strengthened system of protection against leaks.
Another important condition for improving the safety of online dating is to create a maximum of tools and opportunities for communication within the ecosystem of the program, so that people can get to know each other better, and not immediately go to external messengers after meeting. At a minimum, so that when communication goes in a suspicious direction, users can protect themselves with the help of customer support, without revealing personal data to attackers.
At the moment, beAmore includes six dating services in one application: search for relationship partners, friends, company for Friday night, voice speed dating service voicedate, company search service for joint parties and chat rooms for communication by interests. Taking into account the chosen business model of paid subscription (from 390 rubles per month, depending on the package), the service team bet on qualitative, not quantitative growth of the audience and security as the cornerstone of the strategy, assures Vlad Vnuchkov. Costs for IT security and moderation in the service budget are almost a quarter higher than the market average, the user agreement sounds harsh in places, but, Vlad adds, all these measures make it possible to create a space where people can get to know each other and communicate in a safe and comfortable environment.