In January, Wired reported that, because Tinder did not use strong end-to-end encryption and application security, its users’ data could be intercepted and reconstructed to show what users were seeing and doing, without their knowledge.
Tinder, Lack of encryption lets strangers spy on swipes
None of us wants our personal information to be seen by others, and when that information could be our sexual orientation, our preferences and who we are interacting with, it’s a very serious, potentially even dangerous, invasion of privacy.
Now a US Senator has written to Tinder’s chief executive Greg Blatt explaining that he wants Tinder to use secure connections for all traffic the app transmits, including photos and actions.
Senator tells Tinder to hook up its app with better security
These reports highlight how critical it is to protect all app data, including media content, because seemingly unconnected pieces of data can be pieced together to build up a profile and monitor user interactions. They also put a focus on the need not only to encrypt data but also to obfuscate it, as without this step hackers can still steal valuable information.
We don’t want to single Tinder out, as many of the applications we use have similar or worse vulnerabilities, but application developers and the companies that profit from our data have a responsibility, and usually a legal requirement, to provide a safe environment and experience for their users.
So why don’t they? Or why does it seem so difficult for them to do so? The answers are complex, but they come down to choice first. App developers have a relationship with their users and decide what level of privacy is acceptable, trading it off against building in more complex and perhaps more time-consuming security.
Security is very complex, and most developers are under pressure to get applications working and to market as their first priorities. This, together with the evolving nature of technologies and threats, means that in today’s increasingly connected and distributed world app developers need access to better tools, and more effort and investment need to be spent to ensure that we are all protected.
We say that it is no longer enough for developers to assume that the standard approaches to security will suffice, and that all applications need to have a more robust security methodology built in.
A solid and appropriate security architecture should be defined from the start and have a prominent and continued role throughout the development cycle. Tools that can support security by design and make it easier to integrate the controls necessary to protect user data and privacy are essential to today’s development teams.
Psyphr can help development and business teams alike with this mission through its identity, authentication and end-to-end encryption features, and would in this case have protected Tinder users’ data.
To find out more about integrating Psyphr into your application and how we can help solve application security for you, please get in touch with us.