Tinder’s Flaw Giving Out User Locations
Late last year, Include Security once again identified a security issue in the popular dating app Tinder: it gives out the exact location of its users, and anyone with a little programming skill can access the longitude and latitude of any user.
The issue was reported to Tinder last October, and they had fixed it by January, but it still remains and is leaking users’ information. In a blog post, Max Veytsman of Include Security said, “Tinder is no longer returning exact GPS co-ordinates for its users, but it is leaking some location information that an attack can exploit”.
To test his theory, Veytsman built a private web app called Tinder Finder, which is supplied with a user ID and a target city. He demonstrated the vulnerability in a video and said, “Tinder has fixed this, and they’ve followed our recommendations for how to mitigate it. And this is no longer possible to do”.
In an official statement, Sean Rad, co-founder and CEO of Tinder, said that although it was “theoretically” possible to learn a user’s location, the flaw was fixed immediately, and that measures are now in place to obscure location data so that users’ privacy remains intact.
According to Include Security, Tinder is not the only app with this security issue. Many other apps have access to location data and may have personal-data security vulnerabilities, because the location services they use are incapable of properly encrypting the data sent out from the apps.