Popular online dating application Tinder has finally taken steps to bolster the security of its users by encrypting some of its data to better protect users' photos and information against malicious hackers. Parent company Match Group publicly announced in a letter to Senator Ron Wyden dated Wednesday (27 June) that it is now encrypting photos sent between Tinder's servers and its app.
"We take the security and privacy of our users seriously and employ a network of tools and systems to protect the integrity of our platform, including encryption," Jared Sine, general counsel for Match Group, wrote in the letter.
The letter comes after Senator Wyden urged Tinder in February to encrypt photos and address its security "lapses".
Tinder has now revealed that images transmitted between the Tinder app and its servers have been fully encrypted as of February 6, while images on the web version of Tinder have also been encrypted.
In January, security researchers from Tel Aviv-based firm Checkmarx revealed that Tinder's iOS and Android mobile apps still lacked basic HTTPS encryption, which means anyone sharing the same Wi-Fi as you could potentially see your Tinder photos or add their own.
The researchers managed to build a proof-of-concept app called TinderDrift that was able to reconstruct a user's Tinder session if they shared the same Wi-Fi. Although the matches and actions on Tinder such as swipes were encrypted, the researchers were still able to differentiate the commands - like left swipe, right swipe, a Super Like, and a match - from one another based on the patterns and size in bytes of the encrypted data that represents each.
Exploiting Tinder's lack of protection, hackers could potentially simulate and spy on users' photos, swipes and matches to leverage them in blackmail schemes, insert inappropriate content or more.
As of June 19, Tinder said it has padded its swipe data so that all actions are now the same size.
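The size leak and the padding fix described above can be checked with a short script. This is an added example, not code from Tinder or Checkmarx: the message formats, the 21-byte record overhead and the 256-byte padded size are assumptions chosen for illustration.

```python
import json
import struct
from collections import defaultdict

# Assumption: encryption adds a constant number of bytes per record, so an
# observer on the network sees plaintext length + RECORD_OVERHEAD.
RECORD_OVERHEAD = 21
PAD_TO = 256  # hypothetical fixed size for every action message

# Constructed sample actions; the field names are hypothetical.
ACTIONS = {
    "left_swipe": {"type": "left", "target": "user-0001"},
    "right_swipe": {"type": "right", "target": "user-0001"},
    "super_like": {"type": "superlike", "target": "user-0001"},
    "match": {"type": "match", "target": "user-0001", "match_id": "m-42"},
}

def encode(msg):
    return json.dumps(msg, separators=(",", ":")).encode()

def pad(plaintext, size=PAD_TO):
    """Length-prefix the message and zero-fill it to exactly `size` bytes."""
    if len(plaintext) + 2 > size:
        # Refuse rather than emit a record whose size stands out.
        raise ValueError("message does not fit the fixed record size")
    filler = bytes(size - 2 - len(plaintext))
    return struct.pack(">H", len(plaintext)) + plaintext + filler

def unpad(block):
    (n,) = struct.unpack(">H", block[:2])
    if n > len(block) - 2:
        raise ValueError("corrupt length prefix")
    return block[2:2 + n]

def wire_size(plaintext):
    return len(plaintext) + RECORD_OVERHEAD

def size_groups(transform):
    """Group action names by the record size an observer would see."""
    groups = defaultdict(list)
    for name, msg in ACTIONS.items():
        groups[wire_size(transform(encode(msg)))].append(name)
    return dict(groups)

if __name__ == "__main__":
    print("unpadded:", size_groups(lambda b: b))  # one size per action: leaks
    print("padded:  ", size_groups(pad))          # a single size: no leak
```

Padding must be applied before encryption, and the fixed size has to cover the largest message the app can send.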
"Like every technology company, we are constantly working to improve our defenses in the battle against malicious hackers and cyber criminals," Sine wrote. "Our goal is to have protocols and systems that not only meet, but exceed industry best practices.
As you can imagine, in an effort to avoid tipping off would-be-attackers, we do not publicly disclose our specific security tools or enhancements we implement. But, please know that we are continually working to stop cyber threats and attackers."