So I reverse engineered two dating apps.

And I also got a zero-click session hijacking as well as other fun vulnerabilities

On this page I share several of my findings from reverse engineering the apps Coffee Meets Bagel and The League. We have identified a few critical weaknesses during the research, all of which have already been reported to the affected vendors.


During these unprecedented times, more and more people are escaping into the digital world to cope with social distancing. During these times cyber-security is more crucial than ever before. From my limited experience, few startups are mindful of security guidelines. The companies responsible for a large number of dating apps are no exception. I started this small research project to see just how secure the latest dating apps are.

Responsible disclosure

All high-severity vulnerabilities disclosed in this article have been reported to the vendors. By the time of publishing, corresponding patches have been released, and I have independently confirmed that the fixes are in place.

I will not provide details on their proprietary APIs unless.

The candidate apps

We picked two popular dating apps on iOS and Android.

Coffee Meets Bagel

Coffee Meets Bagel, or CMB for short, established in 2012, is known for showing users a limited number of matches each day.