A major security lapse at the Raw dating app has exposed users’ personal information and sensitive location data, as revealed by TechCrunch on May 2, 2025. The breach revealed information such as users’ display names, dates of birth, sexual and dating preferences, and precise location coordinates, some of which were accurate enough to pinpoint users at street level.
Launched in 2023, Raw claims to offer more genuine connections by requiring users to upload daily selfie photos. While the app has garnered more than 500,000 downloads on Android, the data breach raises serious concerns about the privacy and security of its users.
The Breach Details:
- The exposed data was accessible through publicly accessible URLs tied to each user’s profile, meaning anyone with the unique 11-digit user ID could retrieve sensitive information.
- Raw app users’ location data was exposed, including precise street-level coordinates, which could put users at risk.
- The app’s security policy claims to use end-to-end encryption, but TechCrunch found no evidence of such encryption, suggesting that user data was publicly accessible.
The issue was discovered when TechCrunch tested the app, installing it on a virtual Android device. Upon accessing the app, the test revealed that Raw was leaking user data through unprotected API endpoints. This vulnerability allowed the data of any user to be accessed simply by modifying the user ID in the exposed URL.
Raw’s Response:
- Raw fixed the security hole within hours of being notified by TechCrunch, implementing additional safeguards to prevent similar issues in the future.
- Despite the breach, Raw’s co-founder Marina Anderson stated that the company had not performed a third-party security audit and would not proactively notify affected users. The company will, however, report the incident to relevant data protection authorities.
- Anderson confirmed that the company uses encryption in transit and enforces access controls for sensitive data but has not provided clarity on the full scope of the breach or whether any changes will be made to its privacy policy.
Concerns About the Raw Ring:
Raw’s security flaw comes in the same week the company introduced a new hardware product, the Raw Ring. This wearable device is designed to allow users to track their partner’s heart rate and other sensor data, supposedly to detect infidelity. The combination of tracking romantic partners’ physical data with this app’s already compromised security raises significant ethical and privacy concerns.
What Happened Next:
While the app’s security issues have been addressed for now, the lack of a third-party audit and the company’s silence on notifying users about the breach raises red flags. As privacy and security in dating apps remain a critical concern, users are advised to remain cautious.
Also Read : Stripe Shows iOS Developers How to Avoid Apple’s App Store Commission
