To find a ‘match’ in Tinder we have to share personal information with other users. If you don’t have at least one picture and you don’t describe yourself a bit, how will anyone know if they are interested in you? The same happens when you visit other profiles.
However, each person can decide what to make public and what not to. At least in theory, because a recent study by the University of South Australia questions the privacy of the eight most popular dating apps in Google Play, including Tinder and Grindr.
The research done by these computer security experts shows how easy it is to access the data stored in these tools (hidden from the rest of the community), as email addresses and private messages exchanged with other users.
The first thing they did was to create a fake profile on each of the dating apps and from a cell phone try to steal other users’ information. They became cyber thieves for research purposes intercepting the network’s traffic data and tracking the apps supposedly private directory.
A major concern is that they discovered that all these apps had huge security gaps which made them vulnerable to this kind of attacks, achieving their goal: they obtained personal information from many profiles and saved it in their phones.
In Tinder, which has over 50 million customers, they stole the pictures on all the profiles they visited with their fake account. In addition, they obtained their Facebook ID (a different sequence of numbers and letters assigned to each person), and with it they were able to identify all the accounts in the social network and access them.
If we take a look at Grindr, the findings are even more alarming. The research team amassed large amounts of personal information belonging to the different users they had visited with their fake account; from their birthdate to the distance between them and the owner of the last profile they viewed, through a complete record of all sent and received emails and their email account.
In the light of the results, the authors warn us to be careful with the applications we choose for meeting people. They also recommend that developers add stricter security measures to prevent attacks, like the ones the researchers performed without many difficulties.
In addition, they claim that the cell phone is the cybercriminals’ main target: most users, regardless of their age and sex, have one. In them we store personal information not not even known to friends or family.
This is not the first time a research questions Tinder’s security level. In 2013, another research team found that it is possible, due to the tool’s vulnerability, to know the longitude and latitude of a user.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
