Dating App Testing Checklist (Safety + Privacy First, 2026)

Dating apps carry more safety-critical UX than most consumer apps. Location precision, identity verification, private photos, abuse reports, block mechanisms, and consent flows all have real consequen

Dating apps carry more safety-critical UX than most consumer apps. Location precision, identity verification, private photos, abuse reports, block mechanisms, and consent flows all have real consequences. This checklist covers what to verify across onboarding, browse, match, message, and safety tooling.

Onboarding

1. Age verification — user must be 18+; integrations that verify are trustworthy
2. Photo upload — required or optional per policy, face detection to reject non-face uploads
3. Profile completeness gating (can browse before complete, or not)
4. Identity verification flow (selfie match) functional and liveness-checked
5. Preferences capture (orientation, distance, age range) with appropriate defaults
6. Location permission — precision trade-off explained
7. Consent flows for data sharing, photo sharing, community guidelines

Browse / discovery

1. Profile cards load images without jank
2. Swipe gestures responsive, undo where offered
3. Out-of-distance profiles filtered
4. Blocked / reported users never shown
5. Match algorithm transparency (optional but increasingly expected)
6. Boost / premium visibility features labeled non-deceptively

Profile

1. Edit bio — newline handling, char count
2. Photo reorder, delete, add
3. Private photos — access control, revocation visible
4. Verification badge clearly indicates level (selfie, ID, phone)
5. Social links (Instagram, Spotify) connect securely via OAuth

Matching

1. Match notification fires (both sides) in under 10 seconds
2. Match list paginates
3. Expiry behavior (24-hour initial message window) clear
4. Unmatch — immediate effect both sides

Messaging

1. Chat messages deliver in order with timestamps
2. Typing indicator respects privacy setting
3. Media share — photos and voice only (policies vary)
4. Voice / video call flows (if present) secure and opt-in
5. Read receipts — opt-in or always-on per product
6. Report from chat screen accessible

Safety

1. Block user — severs all interactions immediately
2. Report user — reaches moderation queue with evidence
3. Photo screening (AI) rejects explicit content before upload
4. In-message explicit content warned to recipient with blur-first
5. Emergency / crisis resources accessible from profile or help
6. Meeting-in-person safety guide
7. Ghost / fade-out patterns detected and counseled

Privacy

1. Location precision limited (1 km / 1 mi), never exact
2. Last-active timestamp coarse or optional
3. Incognito / stealth mode (if offered) truly hides from swipe deck
4. Data export and delete account functional
5. Third-party ad tracking respects consent
6. Analytics events do not include sensitive fields (orientation, HIV status, substance-use answers)
7. Cross-app linking (Instagram import) respects the imported network's privacy

Payments and premium

1. Subscription flows — trial periods, auto-renew disclosure, cancel path equally prominent
2. In-app purchases (boost, super-like) — no accidental tap charges
3. Refund policy clear
4. Scam / catfish mitigation — new-account rate limiting on sends

Edge cases

1. User deletes account — photos / messages / match history handled per policy
2. User returns after deletion — new account isolated or restore offered
3. Catfish detection — repeated reports trigger review
4. Bot / spam account patterns — proactive detection
5. Fake location via GPS spoof — detected and flagged
6. Minor accidentally signed up — detection, termination, regulatory report

Accessibility

1. Screen reader navigates profile cards
2. Bio text alt-announced
3. Voice / audio profile alternatives for vision-impaired users (if supported)
4. Captions on video profiles
5. Large tap targets on swipe buttons

Security

1. Photos stored encrypted at rest
2. Messages in transit TLS-pinned
3. Password reset does not leak account existence via timing or error text
4. Multi-device sessions manageable with remote revoke
5. Device change requires re-auth

How SUSA tests dating apps

Dating apps live at the intersection of social, payment, and safety. SUSA personas:

• adversarial stresses block/report flows, attempts circumvention
• accessibility_user checks screen-reader narration of profile cards (often poor)
• novice catches onboarding friction that first-time users drop at
• impatient flags slow match / slow chat delivery

Security analysis catches the common PII-in-logs and cleartext-in-URL bugs. Flow tracker auto-detects login, registration, checkout/upgrade flows. Accessibility_user persona drives VoiceOver-equivalent, auditing label quality on swipeable profile cards (which are notoriously hard to expose to screen readers).

susatest-agent test dating.apk --persona adversarial --steps 200
susatest-agent test dating.apk --persona accessibility_user

Dating apps also need dedicated trust & safety processes that sit outside QA — content moderation training, escalation to law enforcement where needed, user-experience research with marginalized groups. SUSA handles the engineering bug surface; safety needs human judgment layered on top.