The trendy dating app Tinder has been praised for its simplicity, but it’s security and privacy practices don’t deserve as many kudos.
Tinder climbed their way up the app charts by “finding interesting people around you” and allowing you to swipe yes or no on your smartphone after seeing their profile picture. In order for Tinder to locate nearby users, of course, Tinder has to find you first.
And until very recently, other people could find you, too.
Is the discovery of Tinder’s vulnerability important even for those who don’t use the app? Yes. Understanding how your location can be accessed, used, and abused is a privacy necessity that extends far beyond Tinder swipes.
Tinder reveals app users’ locations
Security firm Includesec recently revealed that the encrypted location data of Tinder users was, well, not really encrypted. According to Matt Burns from Includesec, the Tinder app was “sending exact distances” of other Tinders users to every smartphone, which could then be used to triangulate their location.
The firm demonstrated Tinder’s vulnerability by creating an app called Tinderfinder, which could place users on a map that accurately depicted where they were.
Includesec released a video explaining how this privacy oversight could be exploited. Tinder responded by fixing the vulnerability. You can watch the Includesec video in this article by Matt Burns.
Burns points out that this is the second time Tinder has experienced a major security breach since its founding in 2012. In July 2013, the app exposed private user data for as long as two weeks.
Does Tinder’s simplicity lead to a false sense of security?
The unique aspect of Tinder is its simple premise. Unlike other dating sites that rely on thoroughly complete profiles, including your career, hobbies, and relationship wants, to identify potential matches, Tinder lets you accept or reject people solely on their appearance.
Tinder users only get a glimpse of another user before deciding to swipe left or right. This, combined with the fact that two Tinder users have to mutually accept each other to begin messaging, may provide a false sense of security.
After all, in order to use Tinder, you must connect your account to Facebook and enable location services on your smartphone. The security of the latter, as Tinder’s two security breaches have demonstrated, is far from foolproof.
Countless other companies, like Yahoo and Kickstarter in the past several weeks, have fallen victim to mass hacking of their users’ data. The increasing frequency and sophistication of data breaches shows that users need to be careful with their private information everywhere—even if it is not disclosed to other users, like in the case of Tinder.
Tinder’s future: more intimate than ever
Tinder is one of today’s hottest apps, but the intimacy is not limited to the relationships it facilitates among users. Tinder also wants to get more intimate with its users’ personal information by honing in further on their exact location.
In an interview at the Berlin TechCrunch Disrupt conference in 2013, Tinder Founder and CEO Sean Rad expressed his goals for the company’s future. Rad hopes that the product will soon be able to pinpoint other Tinder users in the same room. This indoor location technology is now a bonafide reality, as proven by the iBeacon tracking that retail stores are now using.
While Rad believes the improved location tracking will allow Tinder users to create meaningful relationships with people they see in person, it’s important to remember that increased tracking requires increased security. The explosion of data breaches in 2013 and Tinder’s recent privacy blunders point to the fact that companies are more focused on collecting user data than protecting user privacy.
At Disrupt, Rad said that Tinder users are now swiping over 350 million times daily.