The vulnerabilities were uncovered by cyber security firm Checkmarx, which describes them as “disturbing”.
It discovered that the Tinder app lacks basic HTTPS encryption for profile pictures, allowing anyone using the same Wi-Fi network as you to see the same profiles you come across on the app.
Checkmarx also found that different actions within the app produce specific patterns of bytes that are recognisable even in encrypted form.