Security researchers unveiled a flaw in the popular Tinder dating app Wednesday that allowed users to track each other’s real-time location for the majority of 2013 — a loophole which anyone capable of basic programming could exploit.
Tinder is a dating app that uses the real-time geo-location data of nearby users to connect with one another, and for much of 2013, a vulnerability in the app allowed a user to track the exact location of another user while the app was running. When the app was closed, a user could still be tracked to the last place they used Tinder.
Include Security discovered the bug and reported it to Tinder last fall. A simple hack allowed a user to triangulate another user’s position with an algorithm that would provide the exact latitude and longitude of said user. Anyone capable of basic computer programming could execute the hack.
“Due to Tinder’s architecture, it is not possible for one Tinder user to know if another took advantage of this vulnerability during the time of exposure,” Include Security Founder Erik Cabetas said in a Net Security report. “As more and more applications are being built to include geo-location services, there is an increased risk to the privacy and safety of users.”
After alerting Tinder to the problem numerous times between October and December 2013, Tinder issued a fix sometime between December and January 2014.
“Application vendors and developers have a responsibility to ensure their users’ privacy and security is protected, vulnerabilities are communicated promptly, and priority is given to developing important fixes like this,” Cabetas said.