Tinder’s Non-Existent Encryption Means Someone Could Be Watching Your Swipes

Researchers from an app security firm have made a rather worrying discovery about how encrypted certain parts of the dating app Tinder are.

The Tel Aviv-based firm Checkmarx discovered that if they were on the same WiFi network as someone using the app they could not only watch their swipes in real-time but could even inject their own images into that person’s app.

The team found that the loophole worked on both the iOS and Android versions of the app and could be used by a hacker to inject false images, post inappropriate content or use it for blackmail purposes.

The team were able to do all this because photos in Tinder lack one of the most basic forms of encryption known as HTTPS.

If you’re wondering just how widespread HTTPS encryption really is then look up at the web address of most websites and you’ll see the letters at the beginning of their site address.

Interestingly, Tinder does encrypt many other parts of the app, but by not encrypting the photos they’ve opened up an exploit that allows hackers to see who you’re swiping.

While the researchers acknowledge the loophole as being “disturbing”, they also ask an important question which is that with hacking of this kind becoming so widespread what would it take for us to leave these services altogether.

“Where do we, as users, draw the line? Is it at the smallest compromise of our privacy or do we shrug it off until sensitive data is stolen?” asks Dafna Zahger, the product marketing manager at Checkmarx.

The vulnerability is clearly a problem, but for most of us the chances of a) a hacker being on the same WiFi network as us and then b) looking to exploit how we use Tinder are small.

That being said it also raises the question that even if there isn’t someone looking to exploit this are we still happy to carry on using the app knowing our activity on it is easily viewable.

We’ve reached out to Tinder for comment and will update this piece as soon as we hear back from them.