Tinder vulnerabilities let strangers see your swipes

Gelo Gonzales

This is AI generated summarization, which may have errors. For context, always refer to the full article.

Tinder vulnerabilities let strangers see your swipes
Tinder's lack of encryption opens up users to being spied on

MANILA, Philippines – Tinder vulnerabilities leave users wide open to being spied on, specifically via their ‘swipes’ and photos, according to a report by Wired

The vulnerabilities were revealed by Tel Aviv-based app security firm Checkmarx on Tuesday, January 23.

They found that these vulnerabilities allow hackers to see what photo a user is currently looking at, and then, whether the user swiped right (an approval), swiped left (a rejection) or matched with another user.

These vulnerabilities can be exploited by any individual that’s on the same WiFi network as the user. This means that Tinder users who care about their privacy would be smart not to connect to the app when on a public WiFi network.

The ability for strangers to see what photos a user is currently looking at is due to the fact that the app lacks basic HTTPS protection for photos. Other data on Tinder is HTTPS-encrypted but as the research firm has discovered, photos are still streamed unprotected. 

Swipe rights, swipe lefts, and matches are actually encrypted information – but not enough, the firm has discovered. In tests, the researchers were able to discern which is which because the file sizes of the said user operations are not encrypted. They were able to see that swipe rights are equivalent to 374 bytes; swipe lefts, 278 bytes; a match, 581 bytes. Combining these vulnerabilities, hackers can track a user’s behavior on the app. 

Checkmarx has notified Tinder about these vulnerabilities back in November, Wired reports, but yet they remain. Tinder issued a statement to Wired, saying that they’re working towards encrypting images on their app but said nothing about the exposed file sizes. Tinder also said that photos are public information to begin with. However, it’s a different thing when a third party is able to see what you’re currently seeing, along with specific interactions. Rappler.com

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Summarize this article with AI
Clothing, Apparel, Person


Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.