Tinder Security Flaw May Lead to Potential Spying


Are you fond of Tinder? Well, you might want to check this out!

Tinder, a mobile dating app where you can find your destiny in just a click! But are you really sure that your safe with the information your posting on your profile? Let’s find out!

There’s this basic security measure that’s missing in this top dating app and could lead to embarrassment. People might see who your potential matches, along with whether you swipe left or right, a security firm has found.

This flaw was discovered by researchers from Checkmarx, a security firm. The company said that it may come from the Tinder’s decision not to use HyperText Transfer Protocol Secure or HTTPS. That is in encrypting photos on its iOS and Android apps.

Websites that uses HTTPS instead of using only HyperText Transfer Protocol or HTTP, encrypt communications between the user’s browsers or app and web server. With the help of this, important information is protected against hackers and eavesdroppers.

It’s alarming because photos that are not encrypted may lead eavesdroppers using the same Wi-Fi connection to see your profile. Also, they might able to see your potential matches and the photos you uploaded. And the worst scenario, hackers may put images and malicious content into the app feed.

Lacking of encryption may lose sense of privacy whether it is in your house or office. Although passwords and sensitive data are not leaked but this may cause a potential blackmail, researchers said.

A Tinder spokesperson said in an email that they knew about the missing encryption. They added that the photos are publicly available to anyone who uses Tinder. The company said that its desktop and mobile web platforms already encrypt images, and they’re working them in the app.
Erez Yalon, manager of application security research at Checkmarx said that Tinder should fix this problem to prevent potential spying. He already reported the issue to Tinder in mid-November last year.

The security firm created an app called Tinder Drift to demonstrate a potential spying scenario.