Back in 2023, we applied our then still relatively new privacy analysis of mobile applications to the field of dating apps—an area that is extremely popular with users—and, unsurprisingly, identified massive data-collection potential in virtually all of the apps examined.

In the meantime, the test format has evolved into an independent certification test and has been adjusted and expanded in several areas. And since dating apps remain incredibly successful—especially at this time of year—and represent a more than worthy challenge for our test format and every aspect of it, we would like to take the opportunity to take a closer look at this category once again.

What has changed? And could any of these apps actually have a chance of earning our approved privacy seal? Let’s find out.

Further information on the methodology behind our privacy analysis and the corresponding certification is available on our website.

Applications Reviewed

Already in our 2023 test, we selected a broad range of eight different dating apps based on their international popularity and download figures. This time, we wanted to place a stronger focus on the German-speaking market—choosing apps that are particularly popular or frequently mentioned in this region—while also integrating a selection of apps that we had not previously examined.

As sources, we consulted various reviews and comparisons. Nevertheless, we once again included some of the largest and most well-known names in this sector in order to enable a comparison with our previous test. Below is the complete list of the 11 applications we reviewed, along with their versions and approximate download numbers according to the Google Play Store.

Reviewed applications

Permissions

As with our initial test of dating apps in 2023—and, in fact, as is always the case when analyzing an app’s functionality—we first examined the permissions requested by the various apps during operation. This provides a solid initial indication of what capabilities an app may fundamentally have in practice and, accordingly, which data it could potentially access. For an application that respects its users’ privacy, it would of course be particularly desirable to request only those permissions that are absolutely necessary for basic functionality—for example, a flashlight app requesting access to my contacts would be at least suspicious.

When it comes to the basic, expected core functionality of a dating app, the requirements are actually fairly limited. The app clearly needs to be online, i.e., have access to the internet. Users must be able to share photos of themselves and may also need to provide their own (rough) location in order to determine whether a potential match is at least theoretically located within a reasonable distance. If the app additionally offers voice and/or video chat features, it naturally requires access to the corresponding system functions. That should almost cover everything.

Number of permissions claimed per app

Unsurprisingly, however, the apps examined do not behave quite so modestly—at least most of them. As already observed in the 2023 test, it is notable that all applications without exception access the Ad-ID. This ID is a pseudonymous advertising identifier on Android devices that allows apps to recognize users for personalized advertising. It is used to deliver more relevant ads and measure their effectiveness without directly using personal data such as names or email addresses. The ID therefore enables tracking across apps and the creation of detailed usage profiles, even without real names. While the ID can be reset and personalized advertising can be disabled, profiling still occurs when it is active. For this reason, Android has been shifting many advertising functions to on-device processing via AdServices / the Privacy Sandbox in order to reduce data leakage and cross-app tracking. At least it can be noted that all of the apps tested also declare the newer, more privacy-friendly AdServices permissions—although these are by no means strictly necessary for operation. At the same time, the legacy Ad-ID is clearly still being used. A dating app that relied exclusively on monetization through in-app purchases and completely refrained from user tracking would have been a genuinely positive surprise.

Another aspect that continues to stand out is the use of FINE_LOCATION. In contrast to COARSE_LOCATION, which only allows rough positioning within a range of several kilometers, FINE_LOCATION enables precise localization, such as that required for navigation. For the purposes of a dating app, COARSE_LOCATION should therefore be entirely sufficient. In the test, however, only three apps—Parship, elitePartner, and snoggle—refrain from requesting fine-grained location data, and unsurprisingly, these are also the apps that request by far the fewest permissions overall. One app (pure), by contrast, goes even further and, in addition to FINE_LOCATION, also requests permission to access location data while running in the background. This should not be necessary under any circumstances.

Third-Party Trackers

In addition to data collection by the app operators themselves, the collection of data by so-called trackers is of particular interest for our analysis. These are software modules whose purpose is to record and evaluate user behavior as well as to collect relevant metadata. As expected, the apps examined contain a comparatively large number of such trackers, since a significant portion of their monetization is based on using user data for advertising purposes. The well-known saying once again proves true here: if a product is free for you, you are the product.

Number and types of integrated trackers, as well as the number of trackers for which activity could be verified

In terms of the sheer number of trackers per app, there has been little change compared to the previous test for most apps. Peak values exceeding ten trackers are still not unusual. Likewise, the observable activity of individual trackers remains relatively high. That said, there are also some positive observations: the Parship and elitePartner apps (which are essentially technically identical and operated by the same company) include only three integrated trackers. Two of these are Google analytics and crash-reporting trackers—Crashlytics and Firebase Analytics—which are present in virtually every Android app, as well as the analytics-focused tracker Adjust. No additional modules dedicated exclusively to advertising or explicit user behavior analysis could be identified. Compared to the previous test, in which a total of six trackers were found in the Parship app, this represents a noticeable reduction. As a result, these two apps could almost be considered exemplary in this category.

However, there are still two minor but formally significant issues with these apps as well. First, the presence of the Adjust tracker is not mentioned at all in the privacy policy. Second, this tracker communicates before the user has even had the opportunity to accept the privacy policy. As a result, data is still being collected without the user being informed or given a chance to object.

Overall, only three apps in the test showed no detectable activity from integrated trackers before the privacy policy was accepted: Badoo, snoggle, and Hinge. For the first two, however, data was still exchanged prior to acceptance—albeit by the app itself rather than by trackers. Only in the case of Hinge were we unable to detect any active data-collection communication before acceptance of the privacy policy. Here, however, the issue reappears that only two of the five integrated trackers are actually mentioned in the privacy policy. As such, none of the apps examined can be considered “100% exemplary” or even fully “formally compliant” in this area—although Parship and elitePartner come relatively close.

Data Collection

The types of data collected essentially cover almost everything imaginable. This naturally includes a wide range of metadata related to the device in use, various unique and non-unique user and device identifiers, the platform and hardware used, usage times, location, time zone, and more. In addition, there are repeatedly larger data segments transmitted in encoded formats which, even when transport encryption is broken, are not readily readable and likely are not intended to be. In these cases, one can only speculate about what additional information is being transmitted. It is conceivable that, in the future, we may conduct a targeted, more in-depth analysis of a single app in order to gain insights into data that is obfuscated in this way.

With regard to the sheer volume of data being transmitted, it can be clearly—and unsurprisingly—observed that apps with fewer integrated tracking modules also send significantly less data overall to a wide range of endpoints. Anyone who wishes to avoid becoming even more transparent while using a dating app—which by its very nature already gains detailed insights into a user’s life—should therefore choose one of the apps with fewer tracking modules. In this respect, the apps from Parship and elitePartner appear to be a reasonable choice, as our analysis of their additional communications also revealed no indicators of excessive data collection.

User Information

One of the objectives of this investigation is to identify inconsistencies between the information provided to users about app activity and what actually happens in practice during the operation of the application. For our analysis, the privacy policy is naturally of utmost importance, as it represents the user’s primary—and often only—source of information, and is therefore examined in detail.

Overall, there has not been a significant change in this area compared to the previous test. All apps provide a privacy policy (so far, so good). In every case, these policies are extensive, detailed, complex, and not particularly enjoyable to read—again, no surprise. The most persistent issue, however, remains the incomplete disclosure of all data-collecting entities integrated into the apps. Only one of the operators examined (Jaumo) manages to list all integrated trackers and clearly explain their purpose and activity—despite the app containing a total of nine such trackers. So it is clearly possible. The yoomee app also includes ten trackers and “forgets” to mention only one of them in its privacy policy. With appropriate diligence, this should therefore not pose a major problem in principle.

Verdict

Overall, the findings of this analysis remain largely unsurprising. The dating apps examined contain, in some cases, considerable tracking potential, and in most instances make fairly uninhibited use of it. The biggest issue continues to be the often entirely inadequate level of user transparency, with users too frequently being left in the dark about what data is being collected about them without their knowledge and with whom it is being shared.

There is, however, a small surprise in that the test did include two apps that we could almost recommend for use. The Parship and elitePartner apps are genuinely lean in their design and, apart from a few minor formal issues that could easily be remedied, are in fact close to exemplary. This demonstrates that privacy is continuing to gain importance and that the need to take it seriously is increasingly being recognized—not only by end users, but also by app operators.