So I reverse engineered two dating apps & Coffee Meets Bagel API

And I also got a zero-click session, along with other fun weaknesses

On this page I share some of my findings from reverse engineering the dating apps Coffee Meets Bagel and The League. I identified a couple of critical weaknesses during the study, most of which have been reported to the affected vendors.

Introduction

In these unprecedented times, more and more people are escaping into the digital world to cope with social distancing. In times like these, security is more essential than ever. From my limited experience, few startups are mindful of security guidelines. The companies responsible for a large range of apps are no exception. I started this little study to see exactly how secure the latest dating apps are.

Responsible disclosure

All high-severity weaknesses disclosed in this article have been reported to the vendors. By the time of publishing, matching patches have been released, and I have also independently confirmed that the fixes are in place.

I will not provide details of their proprietary APIs unless.

The candidate apps

I picked two popular dating apps available on iOS and Android.

Coffee Meets Bagel

Coffee Meets Bagel, or CMB for short, created in 2012, is known for showing users a limited number of matches each day. They were hacked once in 2019, with 6 million records stolen. Leaked information included full name, email, age, registration date, and sex.