Israeli app security firm Checkmarx has uncovered a number of privacy faults in the popular dating application Tinder, whereby potential hackers are able to access users' photos, swipes and matches.
Checkmarx found that while the application is mostly encrypted, the images uploaded by users were not, and users' swipe history was only weakly encrypted.
- 'Black Mirror' Will Make You Want to Delete Tinder and Get Rid of Your Roomba
- Tinder in Israel Has Become a Thriving Arena for Prostitution
- Swipe Aside Tinder, There's a New Jewish Dating App in Town
The Tel Aviv-based firm found that the privacy issues, stemming for a lack standard HTTPS encryption, was present in both the Android and iOS versions of the app.
Checkmarx's researchers noted that the lack of protection could leave user's open to threats of blackmail. The company said they had informed Tinder of their privacy faults in November, but the application has yet to close the encryption loopholes.
"The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app.
"It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research)," their website explained.
"Knowing an ill-disposed attacker can view and document your every move on Tinder, who you like, or who you decide to chat with is definitely disturbing," the blog post said.