Tinder flaw could expose your swipes to snoops

There's a basic security measure missing from Tinder's mobile dating app.And it could let prying eyes see your...

Posted: Jan 24, 2018 7:21 AM
Updated: Jan 24, 2018 7:21 AM

There's a basic security measure missing from Tinder's mobile dating app.

And it could let prying eyes see your potential matches, along with whether you swiped left or right, a security firm has found.

The issue was discovered by researchers at the security firm Checkmarx. The company says it stems from Tinder's decision to not use HTTPS, a security protocol, to encrypt photos on its iOS and Android apps.

Sites that use HTTPS, compared to HTTP, encrypt communications between the user's browser or app and web server, so information is protected against hackers or eavesdroppers.

Because photos are not encrypted, it's possible for eavesdroppers on the same Wi-Fi network to monitor a user's behavior on the dating app and see photos of a user and potential matches. It also allows someone to inject images or malicious content into the app feed.

The lack of encryption could let a snoop spy on your Tinder activity in places like coffee shops or at work. Though no passwords or other sensitive data is leaking, researchers said this tactic could potentially be used to blackmail someone.

Tinder says it knows about the missing encryption. A Tinder spokesperson told CNNTech in an email Tuesday that photos on the Tinder app are publicly available to anyone using Tinder. The company said its desktop and mobile web platforms already encrypt images, and it is working toward encrypting them in the app.

Erez Yalon, manager of application security research at Checkmarx, said the application should be fixed to prevent potential spying. He added that he reported the issue to Tinder in mid-November.

Related: This $18 key can protect you from hackers

"There's absolutely no reason not to use HTTPS for everything," Yalon told CNNTech. "Letting sensitive data be transferred unencrypted is wrong."

Tinder encrypts other information within the app, but it was possible for researchers to figure out patterns that correlate to swiping left, right, and matching with someone. For example, swiping left is represented by 278 bytes each time.

By pairing swiping data with visible images, researchers showed it's possible for a hacker to see on whom someone swiped left or right. The firm created an app called Tinder Drift to demonstrate a potential spying scenario.

Article Comments

Mason City
67° wxIcon
Hi: 74° Lo: 60°
Feels Like: 67°
Albert Lea
66° wxIcon
Hi: 73° Lo: 59°
Feels Like: 66°
68° wxIcon
Hi: 74° Lo: 61°
Feels Like: 68°
Charles City
Few Clouds
70° wxIcon
Hi: 74° Lo: 61°
Feels Like: 70°
Scattered Clouds
67° wxIcon
Hi: 72° Lo: 58°
Feels Like: 67°
Tracking several rounds of rain this work week
KIMT Radar
KIMT Eye in the sky

Latest Video


Training for the real thing


Dog fight in Mason City


MILLIONS of pop tabs!


Up Close Look at City Water


Lifeguard Shortage


Minnesota governor to hand over power during knee surgery


Food bank's garden hopes to help feed local families


Trapp Trotter sentenced to 25 years in prison


Storm Team 3: Nine year anniversary of the largest tornado outbreak in Minnesota history


Trotter apologizes at sentencing for attempted murder

Community Events