Badoo Android and iOS Dating Application Analysis

Usage of mobile dating apps has been a rising trend in recent times, including during the COVID-19 lockdown periods. One of the key concerns about the use of such apps is in the amount and types of user data collected (e.g., personal and sensitive information such as sexual orientation, and information about online activities such as intimate messages and browsing behaviors). Since it is relatively easy and inexpensive to setup a man-in-the-middle attack and intercept dating app communication, a natural question is then whether the communication is encrypted and/or how much ‘useful’ information an attacker can infer from the intercepted communication, for example using freely available tools. Seeking to answer this question, we focus on the Badoo dating applications for both Android and iOS mobile devices (i.e., app version 5.187.0 on iPphone 7 (iOS 14.2), and app version 5.198.1 on Moto G5 Plus (Android v7.0)). Specifically, we explain the types of information an individual could obtain using only a laptop and Wireshark, a freely available network capture tool.