The privacy costs of dating on your phone: 100+ dating apps analyzed

Around the world, approximately 350 million people use dating apps.

But at what data privacy cost?

We looked at more than 100 of the most popular dating apps on the Google Play Store to find out. We analyzed each app’s manifest to see what permissions it requested upon download. On average, each dating app requests access to just over 30 permissions, with nearly eight of these being deemed high-level or “dangerous” by Android.

Android defines permissions as being “dangerous” if they “give your app additional access to restricted data or let your app perform restricted actions that more substantially affect the system and other apps.” These include any permissions that request access to one of the following groups: camera, microphone, calling, contacts, body sensors, texting, storage, and GPS location.

Many of these permissions will be necessary for a dating app to carry out its service, e.g. the camera will be required to create a profile picture and location data to find other users within the same area. However, access to these permissions should be clearly defined in the dating app’s privacy policy, so we checked to see if these important details were covered.

Of the 102 apps analyzed, only one app’s privacy policy omitted that it requested access to a user’s camera after download, but 13 privacy policies failed to clearly detail that a user’s precise (or “FINE”) location was requested upon download.

We also checked to see whether or not these privacy policies were in potential violation of Google Play’s privacy policy standards (detailed below). We found 24 apps that aren’t adhering to these standards.

Finally, we counted how many trackers each app uses. On average, each dating app had nine trackers.

We contacted all of the developers of the apps mentioned in this piece and you can read their responses in the relevant section below.

Key findings:

• The average app requests access to just over 30 permissions in total, 8 of which are classed as high-level/“dangerous”
• The most common dangerous permissions are ones that request access to the device’s camera, access location data (precise geolocation data or approximate location based on cell tower or Wi-Fi data), read and write to external storage (data outside of the app, e.g. stored on the device), and record audio
• 24% of apps (24 apps out of 102) potentially violate Google’s privacy policy standards
• The most common omission from privacy policies was the data retention period (not provided by 15 apps), followed by a clear policy on how users can delete their data (omitted, restricted, or unclearly defined by 11 apps)
• The average app comes with 8.7 trackers with one app (Zoosk) using 28
• These apps have been downloaded over 1.2 billion times in total (based on each app’s download figure listed on Google Play)

The average dating app requests access to 8 high-level, “dangerous” permissions

Our analysis of the 102 manifests from the dating apps we downloaded revealed that, on average, each app was requesting access to 30 permissions. Of these permissions, nearly 7.9 were classed as “dangerous” because of the type of data they request access to.

The most requested high-level permissions were as follows:

• CAMERA – Gives the app access to the camera function of the device
• ACCESS_COARSE_LOCATION – Gives the app access to the location of the device, accurate to within about 3 square kilometers
• ACCESS_FINE_LOCATION – Gives the app access to the location of the device, accurate to within about 50 meters
• READ_EXTERNAL_STORAGE – Allows the app to read data saved in external storage on the device (e.g. outside of the app)
• RECORD_AUDIO – Allows an application to record audio
• WRITE_EXTERNAL_STORAGE – Allows the app to write data to external storage on the device (e.g. outside of the app)

As previously mentioned, many of these permissions will be necessary for the app to provide its services, e.g. locating nearby dates (location data) or creating a dating profile (images). However, these permissions must be clearly defined in the apps’ privacy policies so the user knows from the outset exactly what data the app will request.

We found a worrying number of cases where this key information wasn’t included.

For example, one app – Udolly – didn’t mention that the app requests access to the user’s camera upon download. Nor did it mention that a user’s precise (“FINE”) location was also requested by the app. In fact, Udolly’s privacy policy was quite vague overall and failed to clearly define what data the app collects, how long this data is stored for, and how a user can request that their data be deleted.

13 apps in total didn’t stipulate that a user’s FINE location is requested upon download. One app, Zoosk, even states in its policy that: “We do not currently collect and store your precise geolocation” but the app’s manifest states that a user’s FINE location is requested upon download.

Which apps request access to the most “dangerous” permissions?

According to our findings, the following apps requested access to the most “dangerous” permissions:

• TanTan – 17 “dangerous” permissions: The TanTan app requests access to 57 permissions in total, with 17 of these being high-level. This includes a user’s precise location, camera access, and permission to access media files on a user’s device. However, TanTan does cover these permissions in its privacy policy and adheres to Google’s standards.
• Badoo – 16 “dangerous” permissions: Badoo also requests access to a total number of 57 permissions. Among the dangerous permissions are camera access and precise location data, but these are clearly defined in its policy. Badoo also adheres to all of Google’s standards.
• Bumble – 15 “dangerous” permissions: Bumble requests access to 52 permissions in total and 15 of these are high-level. All of these are covered in its privacy policy, as per Google’s requirements.

Seven other apps requested access to 14 “dangerous” permissions, and two of these were found to be in potential violation of Google’s privacy policy standards.

LitFlare and Mingle2 fail to provide information on how long data is retained for.

*Please note: all privacy policies were accessed from the UK (or a local server where privacy policy webpages were restricted to their location of origin, e.g. the US) so may differ from such apps’ privacy policies applicable or displayed in other countries. The policies discussed in this article were reviewed in January 2026 and these policies may have been updated since our analysis.

24% of apps potentially violate Google’s privacy policy standards

According to Google Play’s User Data section, privacy policies should:

• Have clear labeling as a privacy policy (for example, listed as “privacy policy” in the title).
• Feature the entity (for example, developer, company) named in the app’s Google Play store listing within the privacy policy or the app must be named in the privacy policy.
• Include developer information and a privacy point of contact or a mechanism to submit inquiries.
• Disclose the types of personal and sensitive user data the app accesses, collects, uses, and shares; and any parties with which any personal or sensitive user data is shared.
• Include the developer’s data retention policy.
• Feature the developer’s deletion policy.
• Not be presented in PDF format.

As mentioned previously, the most common omission from dating app privacy policies was the data retention period (missing from 15 privacy policies), followed by data deletion (missing from 11 policies). Five apps failed to clearly cover how data is accessed, collected, used, and shared, and five also failed to include contact details for users to submit inquiries. Two apps didn’t clearly label their policies.

Four apps had four potential violations each, these were:

• LovePlanet – the link for the privacy policy takes you to a “User Agreement” and isn’t clearly labeled as a privacy policy. It also fails to clearly detail how data is accessed, collected, used, and shared, and doesn’t include a data retention or deletion policy.
• Vivio – the privacy policy features a ton of information about the third parties it uses and their data policies (e.g. Facebook and Google), but doesn’t provide information on Vivio’s data processing, data deletion, or data retention policies. No contact information for the app is provided, either.
• iSingles – iSingles privacy policy is much the same as the above – a lot of information on third parties but a lack of information on iSingles data processing, deletion, and retention policies. No contact information.
• Cougar Dating Hookup App – there is no clear label for the app’s privacy policy, nor are there developer/privacy contact details. Data retention and deletion policies are also omitted.

Two apps had three potential violations each. These were Udolly (mentioned above) and Spice Flirt. Spice Flirt wasn’t clear on how users’ information is accessed, collected, used, and shared, and didn’t include a data retention period or a data deletion policy. Spice Flirt’s privacy policy further included a concerning clause that stated, “By using the Service you provide us with your information on a royalty-free basis, irrevocable, world-wide and sub-licensable.”

The average dating app comes with 9 trackers

A tracker is a small piece of code embedded into an app or website. It is designed to collect information about what you do and how the app responds. They provide advertisers with a snapshot of your likes and dislikes, and a way for developers to check an app’s functionality.

All but two (CasualX Hookup and FabSwingers) of the 102 apps we studied contained trackers. Zoosk had the most (28).

12 of the apps we covered had 20 or more trackers. The majority of these (9 out of 12) tracker-heavy apps appear to be owned by two companies: Red Panda Apps in the United States (5 apps) and Flintcast in the Czech Republic (4 apps).

Across the apps in this study, we found 73 different trackers in operation. The most frequently used tracker was Google Firebase Analytics (present in 91% of the apps), Google CrashLytics (present in 70% of the apps), and Facebook Login (present in 53% of the apps).

Google Firebase Analytics is a free tool that helps developers and app owners understand how users interact with their mobile apps and websites. Developers need to actively disable the automatic collection of granular location and device data. Failure to do so results in the collection of the user’s location, as well as the brand and model of their device.

Google CrashLytics is a real-time crash reporting and stability monitoring tool that’s used by developers to ensure their code is working as it should. It forms part of the Firebase development platform. Data automatically collected by the Firebase Crashlytics SDK when the app crashes includes stack traces, the state of the app when the crash happened, device metadata, and the Crashlytics installation UUID.

The Facebook Login tracker lets users sign in to non-Facebook apps and sites using their Facebook credentials. It’s often used alongside the Facebook Share tracker, which allows users to post to Facebook directly from the app.

Google and Facebook also have trackers related to advertising. The Facebook Ads tracker (Meta Pixel) is Meta’s foremost way of tracking user actions on third-party websites. 26 of the apps we studied use this. Additionally, GoogleAdMob is a way for developers to monetize their apps by selling space to advertisers. The Google Mobile Ads SDK automatically collects users’ IP addresses, their interactions with ads, and any device and account identifiers. It was used by 50 apps.

Other advertising-based trackers we spotted in our selection of dating apps include Verizon Ads, Yandex Ad, Unity3d Ads, Amazon Advertising, BidMachine, and IronSource.

In addition to advertising revenue, dating app companies often hide many of their features behind paywalls.

In 2024 alone, the dating app market’s revenue was $6.18 billion. $3.5 billion came from Match Group. Our research examined six of the Match Group’s apps – none of them were found to have any privacy policy violations.

The dating app oligopoly

Our research also found that many dating app companies operate multiple apps, like Match Group. In fact, six companies owned 36 of the apps we studied.

As you can see from the above table, some companies feature far more trackers in their apps than others. SOL Networks Limited, the company with the most apps, averages only four trackers per app, while Red Panda features 27 across each of its apps.

Red Panda also had two apps that are in potential violation of Google’s privacy policy requirements. Liketoo and Lovector fail to include clear information on how a user can request their data be deleted, while Red Panda’s other three apps do include this information.

Spark Networks had two apps in potential violation of Google’s privacy policy requirements. SilverSingles’ policy has two potential violations – first, no data retention period is stipulated, and second, there’s no information on how a user can request data deletion. The policy simply states that they have the right to, but provides no information on how. JDate‘s policy also fails to feature a data retention period.

SilverSingles further collects a user’s “FINE” location without mentioning this in its privacy policy. Zoosk (mentioned above) is also owned by Spark Networks and also fails to do this.

App developer responses to our findings

If we receive any responses from the app developers mentioned above, we will add their replies here.

Please note: the email addresses provided by the apps Vivio, iSingles, Spice Flirt, and Jdate all bounced.

How to keep your data safe while using dating apps

Before you click “download” on an app, it’s a good idea to look into what data the app will collect upon download. You can see some information on this in the Google Play Store. Simply click on the “Data safety” section of the app page and look at the “Data collected” section:

Reading the privacy policy will also help you understand why this data is collected, how it may be shared, how long it’s stored for, and how you can have it deleted. However, as we’ve seen, some privacy policies fail to cover all aspects of the data collected.

You can check exactly what permissions the app is requesting through the app settings on your device. If an app is requesting a permission that you’re not happy with, you can then revoke this permission in these settings. We provide full details on how to do this here.

Methodology

First, we collated a list of the most popular dating apps on Google Play (based on the number of total downloads). We then examined their privacy policies to see if they covered the key areas stipulated in Google Play’s user data policy requirements. We also looked at what data the privacy policy said the app collected.

Then, we examined the individual manifests of each of the apps to see which permissions the apps were requesting. We assigned these into two categories – “normal” and “high level.” “High-level” or “dangerous” permissions are those detailed by Android as ones that “give your app additional access to restricted data or let your app perform restricted actions that more substantially affect the system and other apps.”

Privacy policies were accessed from the UK (or a local server where privacy policy webpages were restricted to their location of origin, e.g. the US) so other versions may have been available for users in other countries. Privacy policies are also frequently updated so some may have seen changes since our analysis.

Data researchers: Justin Schamotta, Mantas Sasnauskas