Tinder App Lacks Encryption, User's Privacy at Risk: Checkmarx

Advertisement
By Sumit Chakraborty | Updated: 24 January 2018 11:21 IST
Highlights
  • Researchers have disclosed two major flaws in Tinder app
  • Attacker can spy on a user's every move in the app
  • Hacker and user will have to be on the same Wi-Fi network

Tinder mobile app lacks security protections, leaving users vulnerable to eavesdropping, a report by security researchers claims. Researchers say the dating app is not using encryption to prevent hackers from snooping on users sharing the same network. Lack of basic HTTPS encryption essentially means that anyone can extract Tinder pictures and other data such as user swipes.

Tel Aviv-based security research firm Checkmarx found the vulnerability on Tinder's Android as well as iOS apps. In order to demonstrate an attack, the firm has created an app called TinderDrift. In a video on YouTube, we can see how such an app could be used to follow Tinder users' actions on Tinder if the person is sharing the same Wi-Fi.

Advertisement

The researchers have disclosed two flaws - CVE-2018-6017 and CVE-2018-6018 - in the app. The report says, "Our research found two vulnerabilities that, once combined, enable a malicious attacker to spy on a Tinder user's every move in the app." This means hackers can see a user's profile, profiles which the user views, as well as actions like swiping left or right, and more. The attacker can follow the user's Tinder matches and seriously compromise the user's privacy, the researchers noted.

Notably, in order to carry out an attack, hackers will have to be on the same Wi-Fi network as the user, the report claims. Since Tinder is an app usually used in public spaces, people are likely used to be accessing public Wi-Fi, leaving themselves potentially exposed. Additionally, other scenarios include VPN connection, DNS poisoning attacks, or malicious Internet service providers.

The report also claims that hackers can use user's private information to potentially swap the photos a user sees for inappropriate content or rogue advertising. It has recommended Tinder users to avoid public Wi-Fi networks wherever possible until developers take steps to make sure all app traffic is secured.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Everything We Know About the Nothing Phone 4b
  2. Amazon Prime Day 2026: 55-inch Smart TV Deals from Lumio, Samsung and More
  3. Best Camera Phones Under Rs. 30,000 for Content Creators in India
  1. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  2. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  3. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  4. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  5. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  6. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  7. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  8. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  9. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  10. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.