Dating App Forensics

Online dating allows people to easily connect with those around them also looking for relationships. With stay-at-home orders, more and more people have turned to dating apps as a source of communication, socialization, and entertainment. However, the ease of use and accessibility of dating apps have also provoked a surge in criminal activities, primarily sex crimes.

According to CNET, Tinder and OkCupid were chosen as one of the best dating apps of 2021. But are they safe? A year ago, Glen Hartland was sentenced to nearly 15 years in prison for sexually assaulting three women and indecently assaulting another on Tinder. A recent article reported that in 10% of the incidents, dating platforms matched users with someone who had been accused or convicted of sexual assault at least once. 

Unfortunately, sex crimes aren’t the only threat. Dating apps can also be vulnerable to cyber-attacks. Because they often store sensitive user data, this lack of security poses a great threat to users’ personal lives. Access to dating apps can be crucial for investigations in which people’s lives and safety are at risk. 

With this in mind, Oxygen Forensic Detective 13.3 has taken the initiative to significantly enhance support for dating apps. We are providing investigators with the ability to quickly extract critical evidence from Tinder and OkCupid, whether via cloud or mobile device. 

Dating app extraction from mobile devices

Oxygen Forensic Detective v.13.3 offers the ability to extract digital evidence from the OkCupid app. To acquire OkCupid data from Android devices, the investigator must have a physical or file system extraction. Support for the OkCupid app from Apple iOS devices is covered under full file system extraction via checkm8 vulnerability. 

Extracted evidence sets will include: 

  • Account details 
  • Users 
  • Chats 
  • Cookies 
  • Cache 

In Oxygen Forensic® Detective v.13.3 we’ve also updated support for two more popular dating apps – Tinder and Badoo. 

The Tinder artifacts from mobile devices will include account, cookies, chats, cache, likes, logs, matches, moments, messages, photos, and Discovery settings. Tinder data extraction is supported via Android physical or file system methods, as well as logical and full file system methods for Apple iOS devices. 

Access to the Badoo mobile app will allow investigators to acquire the following evidence: account, cookies, chats, cache, calls, locations, logs, messages, user pictures, and users. Use Android physical or file system extraction methods to recover app data from Android devices and full file system method via checkm8 to acquire evidence from Apple iOS devices. 

Please refer to the Supported Applications list within Oxygen Forensic® Detective to check what other dating apps and artifacts are supported. 

Dating app extraction from cloud 

OkCupid data can also be fully extracted from the cloud. To access this valuable data, investigators need to use a phone number, login credentials, or a token that was previously extracted from Apple iOS or Android devices. If 2FA is enabled by the account owner, an investigator will need to receive a code to the connected phone number and enter it into the Oxygen Forensic Cloud Extractor. 

Once the extraction is complete, investigators will have access to: 

  • Account details 
  • Contacts
  • Chats 
  • Questions 
  • Preferences 
  • Payment info 
  • Files 

Please note, if a user has a paid OkCupid account all the connections, including the ones collected by Oxygen Forensic Cloud Extractor will be visible in the account. OkCupid does have built-in safeguards for suspicious connections, so an account may be blocked if the cloud service considers a new connection to be suspicious.

Tinder data can be accessed from the cloud if authorization is made via phone number, login credentials, or token. If 2FA is enabled, an investigator will need to enter a code received to the connected phone number or email address. Please note, an app may send a notification to the connected phone number once the investigator authorizes the account with the required authentication method. We highly  recommend authorizing the service with the IP of the country where the app account was registered. Possible account blocks will generally be avoided by doing so. 

Tinder cloud data will include: 

  • Account details 
  • Matches
  • Incoming likes
  • Outgoing likes
  • Chats 
  • Subscriptions 

Need to try Oxygen Forensic Detective on dating app parsing? Ask us for a fully-featured demo license.