Dating sites can sometimes contain photos that the users don’t want everyone to see. However, dating and hook-up app Jack’d have been publicly sharing photos that users think are only shared privately. The Android version of this app has over 110,500 downloads and it is also available on iOS.
Jack’d Dating App
Jack’d is an app designed to help connect gay, bi or curious guys. On the app, they can chat, share and meet up anywhere in the world. Part of the sharing feature is being able to swap private and public photos.
Researcher Oliver Hough found the security flaw that allows anyone with a web browser to access a users photos if they know where to look. These photos can be accessed without the need to authenticate or sign into the app.
Hough stated that there are no limits on the number of images that can be downloaded. This can open users up to blackmail or posting of these images online.
Oliver Hough said he had reported this security flaw to the Jack’d programming team three months ago. However, it appears the flaw still hasn’t been patched. While these images can be downloaded, there is no easy way to link them to a users account. It means it is less likely a hacker can also retrieve personal details.
Not The First
This isn’t the first dating app to have security concerns. Grindr was still exposing the precise location of more than 3.6 million users as of September 2018. The information also included body types, relationship status and HIV status.
Although Grindr claimed that this security flaw was removed in April 2018, there is still evidence to suggest that anyone can obtain the exact location of users.
To prevent photos from being stolen, it has been advised that users of Jack’d remove them from the app until the security flaw is fixed.
It is also advisable to inform other Jack’d users that this problem exists.