This in turn could allow criminals to gather much more data about the victim, track their movements, identify their circle of friends and acquaintances. Discovering a user’s profile on a social network also means other app restrictions, such as the ban on writing each other messages, can be circumvented.Some apps only allow users with premium (paid) accounts to send messages, while others prevent men from starting a conversation.
This problem is found in both the Android and i OS versions of the app. Some of the apps in our study allow you to attach an Instagram account to your profile.
The information extracted from it also helped us establish real names: many people on Instagram use their real name, while others include it in the account name.
All you need to do is intercept the traffic, which is easy enough to do on your own device.
As a result, an attacker can end up with the email addresses not only of those users whose profiles they viewed but also for other users – the app receives a list of users from the server with data that includes email addresses.
Even though the application doesn’t show in which direction, the location can be learned by moving around the victim and recording data about the distance to them.
This method is quite laborious, though the services themselves simplify the task: an attacker can remain in one place, while feeding fake coordinates to a service, each time receiving data about the distance to the profile owner.By modifying this request slightly – removing some of the original request and leaving the token – you can find out the name of the user in the Facebook account for any Happn users viewed.Information about users in all the other apps is usually limited to just photos, age, first name or nickname.We couldn’t find any accounts for people on other social networks using just this information. In one case the search recognized Adam Sandler in a photo, despite it being of a woman that looked nothing like the actor.The Paktor app allows you to find out email addresses, and not just of those users that are viewed.By default, your email address is open and searchable to the world - potentially letting partners know that a spouse might be seeking additional company.