SINGAPORE: Serial swipers had better take note - a research team has found "disturbing vulnerabilities" on dating app Tinder, which could allow strangers to spy on users' actions.



Tinder is a popular location-based mobile dating app that presents users with pictures of other users within a predetermined radius, allowing them to swipe left ("dislike"), right ("like") or upwards ("superlike") to signify their interest.



"Our research found two vulnerabilities that, once combined, enable a malicious attacker to spy on a Tinder user’s every move in the app," security firm Checkmarx said in its report on Tuesday (Jan 23).

The research demonstrated that Tinder lacks basic https encryption for photos, explained emerging technology magazine WIRED.

If they are on the same open Wi-Fi network - for example the same public hotspot - a stranger could see which profiles a Tinder user is viewing as well as explore the user's profile.

In addition, a stranger could also take control over the profile pictures a user sees and swap this for other types of content.



Even though other Tinder app data were https-encrypted, the researchers found that it was still possible for a stranger to see what actions a Tinder user took on the app - for example how they swiped for different profiles or who they matched with. This would "seriously compromise" the user's privacy, said Checkmarx.

The vulnerabilities were found in both the Android and iOS versions of the app.

"We can simulate exactly what the user sees on his or her screen," Erez Yalon, Checkmarx's manager of application security research, told WIRED. "You know everything: What they’re doing, what their sexual preferences are, a lot of information."



In a statement, a Tinder spokesperson told WIRED that "like every other technology company, we are constantly improving our defenses in the battle against malicious hackers".

According to Tinder's website, the platform counts 1.6 billions swipes a day across 196 countries.