san francisco - Due to a mistake by Tinder it is possible to sneak peek with users in action. For example, it is possible to see which profiles a person looks at and whether he or she swipes to the left (reject), to the right (interested) or to the top (very much interested). It is necessary to be on the same Wi-Fi network as the intended victim.
Security inspector Checkmarx has discovered the vulnerability. The problem is that the Tinder app, both on iOS and Android, downloads profile photos via HTTP connections, which are not secure, and not via the protected HTTPS. It is even possible to get malicious programs on users' devices via a detour.
User names and passwords are not intercepted and users are also not robbed, says Checkmarx. But users can be blackmailed if someone sees what they are doing.