Swipe Right For Tinder Users' Exact Location

Thursday, February 20, 2014 - 02:12 PM

(Tinder)

Tinder is a dating app that allows users to search for potential matches based on proximity. There's been a lot of talk of the app's popularity with Olympic athletes, which the media seems to be eating up. Yesterday, some security researchers published an article saying that they had figured out how to use Tinder to get users' exact locations.

According to the article, Tinder had a vulnerability earlier this year that made latitude and longitude coordinates of any Tinder user available to anyone with "rudimentary programming skills." The issue was patched by Tinder, but the patch created another vulnerability - triangulation. From the article:

I can create a profile on Tinder, ... tell Tinder that I'm at some arbitrary location, and query the API to find a distance to a user. When I know the city my target lives in, I create 3 fake accounts on Tinder. I then tell the Tinder API that I am at three locations around where I guess my target is. Then I can plug the distances into the formula on this Wikipedia page.

The results are pretty accurate!

This may seem like an issue inherent to an app like Tinder or Grindr, apps designed specifically around the location of the user. But in reality, everything from Google Maps to your weather app use GPS location data to better serve you, and it is up to the creators of these apps to make sure this kind of information is not vulnerable. 

Tags:

More in:

Leave a Comment

Email addresses are required but never displayed.

Supported by

 

Embed the TLDR podcast player

TLDR is a short podcast and blog about the internet by PJ Vogt and Alex Goldman. You can subscribe to our podcast here. You can follow our blog here. We’re also on Twitter, and we play Team Fortress 2 more or less constantly, so find us there if you like to communicate via computer games from six years ago.

Subscribe to Podcast iTunes RSS

Feeds