The new Raw dating app is already under heavy fire over a serious lapse in security that exposed users’ private information, including sensitive location information, to prying eyes. TechCrunch first discovered the incident during a test run Wednesday. The company’s initial response to this crisis was impressive. The vulnerability, classified as an Insecure Direct Object Reference (IDOR), enabled individuals to access another user’s profile by simply changing the user ID in the app’s URL.
Raw, which launched in 2023, is built with the goal of encouraging authenticity. It prompts users to upload daily selfie-style photos to interact with each other. The recent incident has me questioning whether the app isn’t entirely serious about protecting its users’ privacy and data security. The vulnerability was revealed by directly accessing api.raw.app/users/ followed by an 11-digit user ID. When the digits were altered to match another user’s identifier, the system returned private details from that user’s profile.
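The flaw class described above, shown as an added example that is not Raw's code: a handler that trusts the ID in the URL, beside one that authenticates the caller and authorizes access to the requested object. All names, records, field names and tokens are constructed assumptions.

```python
# Added illustration: in-memory stand-ins for a user store and session store.
# Every ID, token and field name here is constructed for the example.
USERS = {
    "10000000001": {"display_name": "alex", "location": (52.52, 13.40)},
    "10000000002": {"display_name": "sam", "location": (48.85, 2.35)},
}
SESSIONS = {"token-alex": "10000000001", "token-sam": "10000000002"}

# Fields any authenticated user may see on someone else's profile.
PUBLIC_FIELDS = ("display_name",)


def get_user_vulnerable(path_user_id, session_token=None):
    """IDOR: the ID in the URL alone selects the record that is returned."""
    record = USERS.get(path_user_id)
    return (200, dict(record)) if record else (404, {})


def get_user_hardened(path_user_id, session_token=None):
    """Authenticate the caller, then authorize against the requested object."""
    caller_id = SESSIONS.get(session_token)
    if caller_id is None:
        return 401, {}  # no valid session: nothing is returned
    record = USERS.get(path_user_id)
    if record is None:
        return 404, {}
    if caller_id == path_user_id:
        return 200, dict(record)  # owner sees the full profile
    # Any other caller gets only the public projection, never the location.
    return 200, {field: record[field] for field in PUBLIC_FIELDS}


if __name__ == "__main__":
    print(get_user_vulnerable("10000000002"))
    print(get_user_hardened("10000000002", "token-alex"))
```

The ownership check runs on the server for every request, so changing the digits in the URL changes only which public projection comes back.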
Marina Anderson, co-founder of Raw, said the company took quick action to resolve the situation. “All previously exposed endpoints have been secured, and we’ve implemented additional safeguards to prevent similar issues in the future,” Anderson stated. The company is working to investigate the incident and has not yet agreed to inform users affected by the breach.
The Raw app has not implemented end-to-end encryption. Nevertheless, it does assert that it encrypts data in transit and applies access controls to sensitive data stored within its infrastructure. Anderson emphasized the company’s commitment to security measures, saying, “We use encryption in transit and enforce access controls for sensitive data within our infrastructure. Further steps will be clear after thoroughly analyzing the situation.”
Anderson revealed that Raw will be providing a full compliance report to the relevant data protection authorities. The report follows the exposure of sensitive user data and is required by law. The move is part of the company’s effort to comply with legal obligations and maintain transparency with its user base.
This bug highlights a larger, more urgent trend: data privacy in mobile applications is quickly deteriorating. This is particularly pressing on platforms that are highly interpersonal in nature, such as dating apps. As individuals depend on technology more and more for social interactions, the necessity for strict security procedures only intensifies.
Beyond providing dating services, Raw has recently unveiled a forthcoming hardware extension, the Raw Ring. Though still in development, this wearable device is meant to help the user monitor a partner’s heart rate and other sensor data. It offers AI-generated insights designed to improve communication and intimacy. User-friendly, innovative technology is the best way to attract new users. Now, because of the recent security breach, the company’s credibility has been compromised.
As Raw moves forward with its probe of this incident, it is under the watchful eye of regulators and consumers simultaneously. The company’s actions in response will be critical to its reputation. In an industry built on trust with personal data, trustworthiness matters.