Tinder isn’t using encryption to keep your photos safe from strangers who are sharing the same coffee shop Wi-Fi as you, security researchers found in a report today. Researchers from the Tel Aviv-based firm Checkmarx found that Tinder’s iOS and Android mobile apps still lack basic HTTPS encryption, meaning that anyone sharing the same Wi-Fi as you can see your Tinder photos or add their own into the photostream. The firm built a proof-of-concept app called TinderDrift, demoed on YouTube, that can reconstruct a user’s session on Tinder if that person is sharing the same Wi-Fi. Although swipes and matches on Tinder remain HTTPS-encrypted, potential hackers on the network can still tell encrypted commands apart due to the specific patterns of bytes that represent a left swipe, a right swipe, a Super Like, and a match, according to Checkmarx.
