By Matthew Mattie
Tinder is one of the first “swiping applications” that allows its users to swipe through various profiles in order to make social connections. The application has been used by over 20 billion people in over 196 countries, predominantly for its services as a dating platform. Tinder works like this: if a user swipes right on another user’s profile, that means he or she has liked that user’s profile. On the other hand, if a user swipes left on another user’s profile, that means he or she has disliked that user’s profile.

Security experts are warning current Tinder users of a potential and serious security flaw in the application’s ability to protect a user’s information and activity. A report recently published by the prominent cybersecurity firm Checkmarx states that there are two serious security flaws in Tinder’s iOS and Android applications. Tinder’s security flaws stem from the application’s ineffective use of encryption. Tinder does not use the HTTPS protocol to encrypt a user’s profile pictures, which can allow hackers to see not only a user’s own profile picture, but also all the pictures that a user has swiped on. Not only can a hacker see a user’s activity, but hackers can also replace a user’s images with different images and with a link to a website containing malware in order to steal personal information.
The encryption tool, HTTPS, has been a prominent security feature utilized by almost every known website and application. Websites and applications do not want lawsuits from consumers and users over violations of their privacy. It is widely known in the technology industry that there are serious implications for not incorporating HTTPS protections, following a study conducted by Firefox in 2010 in which an add-on concept was able to siphon unencrypted traffic off a local network. Experts from Checkmarx developed a piece of proof-of-concept software referred to as TinderDrift to demonstrate Tinder’s current security flaws. Furthermore, experts from Checkmarx have gone on the record saying that the security flaws from Tinder allow hackers to “know everything: what they’re [users] doing, what their sexual preferences are, a lot of information.”
In response to such reports and statements by Checkmarx, Tinder has stated that “like every other technology company, we are constantly improving our defenses in the battle against malicious hackers.” Tinder also clarified that a user’s profile pictures are and have always been public. When Tinder initially launched in 2012, its developers could have made the argument that utilizing HTTPS would have significantly slowed down the application.
When looking at the big picture of this problem, we as a society must think about the fact that perhaps we have come to picture a lack of privacy as the new norm. It appears that even with an application like Tinder posing serious security risks to a user’s privacy, over 20 billion people seem not to be fazed by the idea that their content and information may be accessed by hackers. From an outsider’s perspective, this is not what the norm should be. It should not take a hacker actually invading a user’s information for Tinder to take action. More importantly, it shouldn’t take such an invasion of privacy for us as a society to realize the legal consequences that can occur from using such applications.
Student Bio: Matthew Mattie is a 2L at Suffolk University Law School. He is currently a staff member of the Journal of High Technology. Matthew holds a B.S. in Finance and graduated with cum laude honors from Providence College in 2016.
Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.