Skip to main content
SpringerLink
Log in

Tinder Me Softly – How Safe Are You Really on Tinder?

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2016)

Abstract

There are known privacy concerns with the use of Tinder, a popular dating app. In this paper, we examine previous attacks on Tinder that have not been documented academically. We also documented the Tinder network API in order to test the previous attacks in a live environment. Although our testing revealed accurate user location data, which was the crux of the prior attacks, has since been patched; we were able to: associate a Facebook profile with a Tinder account due to their shared information, see Facebook pages a user had liked or was a member of, as well as gather user images, which Tinder sends via plain HTTP, for a reverse image search. We also demonstrated the potential for a less accurate location attack that takes into account Tinder’s updated security.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    cURL is a command-line utility to send and retrieve data over the Internet. Detailed documentation on history and usage is available at: http://linux.about.com/od/commands/l/blcmdl1_curl.htm (last accessed: 20/07/2016).

References

  1. Tinder. https://www.gotinder.com/press. Last accessed: 20 July 2016

  2. Russel, S., Kissick, D.: Is Tinder really creating a ‘dating apocalypse’? https://www.theguardian.com/technology/2015/aug/16/tinder-app-creating-dating-apocalypse-twitter-storm. Last accessed: 20 July 2016

  3. Farnden, J., Martini, B., Choo, K-K.R.: Privacy risks in mobile dating apps. In: 21st AMCIS 2015 (2015). http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1427&context=amcis2015. Last accessed: 21 July 2016

  4. Zhao, S., Luo, X., Bai, B., Ma, X., Zou, W., Qiu, X., Au, M.H.: I know where you all are! exploiting mobile social apps for large-scale location privacy probing. In: Liu, J.K.K., Steinfeld, R. (eds.) ACISP 2016. LNCS, vol. 9722, pp. 3–19. Springer, Cham (2016). doi:10.1007/978-3-319-40253-6_1

    Chapter  Google Scholar 

  5. Tinder on Google Play Store. https://play.google.com/store/apps/details?id=com.tinder. Last accessed: 17 July 2016

  6. I found out my internal Tinder rating and now I wish I hadn’t. https://www.fastcompany.com/3054871/whats-your-tinder-score-inside-the-apps-internal-ranking-system. Last accessed: 20 July 2016

  7. Official Tinder Blog – Giphy Announcement. http://blog.gotinder.com/say-more-with-tinders-new-messaging-features/. Last accessed: 20 July 2016

  8. Official Tinder Blog – Super Like Announcement. http://blog.gotinder.com/updated-introducing-super-like-a-new-type-of-swipe/. Last accessed: 21 July 2016

  9. Tinder Privacy Breach. http://qz.com/107739/tinders-privacy-breach-lasted-much-longer-than-the-company-claimed/. Last accessed: 20 July 2016

  10. Trilateration attack on any Tinder user. http://blog.includesecurity.com/2014/02/how-i-was-able-to-track-location-of-any.html. Last accessed: 20 July 2016

  11. Tinder Bot “Bonfire”. https://www.tinderliker.com/. Last accessed: 20 July 2016

  12. Tinder Bot “Auto Liker”. http://tinderautoliker.com/. Last accessed: 20 July 2016

  13. Tinder Bot with EigenFaces. http://crockpotveggies.com/2015/02/09/automating-tinder-with-eigenfaces.html. Last accessed: 20 July 2016

  14. Official Symantec Blog – Tinder Spam. http://www.symantec.com/connect/blogs/tinder-spam-year-later-spammers-still-flirting-mobile-dating-app. Last accessed: 20 July 2016

  15. Official Tinder Blog – Limited Swipe Announcement. http://blog.gotinder.com/keeping-tinder-real/. Last accessed: 20 July 2016

  16. D’Orazio, C., Choo, K.-K.R.: An adversary model to evaluate DRM protection of video contents on iOS devices. Comput. Secur. 56, 94–110 (2016)

    Article  Google Scholar 

  17. Facebook Developer Site – Access Tokens. https://developers.facebook.com/docs/facebook-login/access-tokens/. Last accessed: 20 July 2016

  18. A Universally Unique IDentifier (UUID) URN Namespace. https://tools.ietf.org/html/rfc4122. Last accessed: 20 July 2016

  19. Married Politician on Tinder. http://www.news1130.com/2015/01/12/married-lower-mainland-federal-politician-appears-on-dating-app-tinder/. Last accessed: 20 July 2016

  20. Facebook Robots File. https://www.facebook.com/robots.txt. Last accessed: 20 July 2016

Download references

Author information

Authors and Affiliations

  1. School of Information Technology and Mathematical Sciences, University of South Australia, Adelaide, Australia

    Mark Carman & Kim-Kwang Raymond Choo

  2. Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, USA

    Kim-Kwang Raymond Choo

Authors
  1. Mark Carman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kim-Kwang Raymond Choo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kim-Kwang Raymond Choo .

Editor information

Editors and Affiliations

  1. Singapore Management University, Singapore, Singapore

    Robert Deng

  2. Jinan University, Guangzhou, Guangdong, China

    Jian Weng

  3. University at Buffalo, Buffalo, New York, USA

    Kui Ren

  4. SRI International, Menlo Park, California, USA

    Vinod Yegneswaran

Rights and permissions

Reprints and permissions

Copyright information

© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Carman, M., Choo, KK.R. (2017). Tinder Me Softly – How Safe Are You Really on Tinder?. In: Deng, R., Weng, J., Ren, K., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 198. Springer, Cham. https://doi.org/10.1007/978-3-319-59608-2_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-59608-2_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59607-5

  • Online ISBN: 978-3-319-59608-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation