High-Tech Valentine: Do dating apps installed on company-issued mobile devices pose a security risk?

New Flexera Software report explains why some dating apps employees use on corporate and BYOD devices to find love – may be risky

Maidenhead, UK – February 9, 2016. As Valentine’s Day approaches, thoughts turn to cupid. So in this age of Bring Your Own Device (BYOD) and high-tech dating, CIO’s must consider a novel question: do the dating apps employees might be using on their corporate-issued or BYOD phones present a potential security risk to the organisation? According to a new report from Application Readiness expert, Flexera Software, the functionality and behaviour of many popular dating apps could violate organisations’ BYOD policies.

The report found that of the 25 popular Apple iOS dating apps tested[1]:

88 percent, including Grindr, OKCupid and Tinder, are capable of accessing a device’s location services.
76 percent, including Blendr, HowAboutWe and Zoosk, support ad networks.
60 percent are capable of accessing the device’s social networking apps as well as SMS/Texting functions
36 percent, including Grindr, Lovestruck and OKCupid, are capable of accessing the device’s calendar.
24 percent, including Blendr, Hinge and Tinder, are capable of accessing the device’s address book.
“IT Operations team have significant experience and expertise when it comes to traditional enterprise apps, so they understand what the apps do, how they work, what data they access, and whether or not they are risky. However mobile apps are another story,” said Maureen Polte, Vice President of Product Management at Flexera Software. “Most IT Operations professionals do not have the faintest idea what apps are loaded onto employees’ BYOD devices and whether those apps behave in a way that the organisation would deem risky. That’s why we recommend that organisations centralise their Application Readiness processes to test all apps, including mobile, that will be hitting their networks, allowing IT Operations teams to ‘blacklist’ any they deem to be in violation of their policies.”

Apps capable of these behaviours may or may not be risky – depending upon an organisation’s particular business, risk profile and BYOD policies. For instance, customer location data can be highly valued by companies targeting consumer behaviours, so many apps access the phone’s GPS data to pass along to advertisers. Confidentiality and privacy concerns in some organisations would prohibit unapproved apps from tracking employee location information.

To compile the report, Flexera Software identified 25 popular dating apps, representing a small sampling of dating apps that can be found in the Apple App Store and that could easily be downloaded by employees to a corporate-issued or BYOD device. These apps were tested using AdminStudio Mobile, an Application Readiness solution that helps organizations identify, manage, track and report on mobile apps, simplify mobile application management, reduce mobile app risk and address the rapidly growing demand for mobile apps in the enterprise.

[1]The apps tested were: Blendr, Bumble, Coffee Meets Bagel, E-darling, Gleeden, Grindr, Happn, Hinge, Hitch, HowAboutWe, Lovestruck, LOVOO, Match, MySingleFriend, NeuChat, OKCupid, Once, Parship, POF, RSVP, Sexy Flirt, Single.de, Tastebuds, Tinder, Zoosk