BeReal: data protection and privacy

How secure is the BeReal App?

The new social media app BeReal is currently booming in the app stores and is becoming increasingly popular, especially among the younger Generation Z. This is because instead of showing edited images and staged videos like other social media apps, BeReal shows the “real life”. But as with all social media apps, the BeReal app also raises privacy concerns for many users. We have therefore made the test and subjected the BeReal app to a data protection review!

About BeReal

The app BeReal, which was developed in France in 2019, is a counterpart to other social media platforms such as TikTok or Instagram. Instead of uploading a picture from the photo gallery, users receive a push notification on their smartphone once a day – at a random time. From then on, they have two minutes to take a snapshot and share it with their friends. To be as authentic as possible, a photo is taken with both the front and main camera. Afterwards, they can look at the posts of other users. This is because BeReal only displays the pictures of the contacts once you have uploaded something yourself.

BeReal and data protection: This is how secure BeReal really is

In order to analyze the security level of the BeReal app, our security experts examined BeReal for possible security vulnerabilities as part of a pre-test. They tested BeReal for iOS (v 0.22.4) as well as for Android (v 0.35.2).

BeReal: Third-party providers & data transmission

Both the iOS and Android versions of the BeReal app include various trackers and analytics tools such as Google Analytics and Datadog. Meta data (e.g. login information) is transmitted by the app to the analytics service Amplitude. Another problem is that the app sends the contact data of the users to the US servers of BeReal. This sensitive information is thus transferred to a country outside the GDPR, so that secure handling of it is not guaranteed. Since BeReal is a French company, data processing along the EU GDPR would be desirable.

A man-in-the-middle attack has been successful with the iOS variant of the BeReal app. This means that unauthorized third parties can potentially read the transmitted data. A man-in-the-middle attack was also possible with BeReal for Android in the test runs – however, the app provides sufficient countermeasures here so that no data loss occurs.

BeReal: Access permissions

The app requires access to the camera, photo gallery, location and contacts of the user. However, since these permissions are necessary to use the full feature set, we do not rate the BeReal app as overprivileged.

BeReal: Data privacy assessment

Due to the identified security flaws, we do not recommend using the BeReal app. In particular, the iOS version of the BeReal app has numerous security risks, such as the possibility of a man-in-the-middle attack. The BeReal app does provide information about the type of data processed and the transfer to third-party providers in the privacy policy – however, this is only available in English and French.

Test results

Download the detailed test results of the BeReal app here for free:

• iOS
• Android