Users' locations, preferences and personal information are exposed to man-in-the-middle attackers through TanTan, a popular Chinese Tinder clone. Larry Salibra, a developer, says the app sends location data a few times per minute, including latitude and longitude coordinates that anyone can plug into Google Maps.
“Much to my surprise, the information sent between my phone and Tantan's server somewhere on the other side of the Great Firewall deep in Mainland China was completely readable. I could see the password I had just entered, my phone number and all the people I was being matched with,” said Salibra. If Salibra could read the password he had just entered, anyone else positioned on the network path could read it as well.
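As an added illustration (not from the article or from TanTan), the following audit check models what Salibra observed: a passive observer on the path can read credential and location fields only when the app sends them without TLS. The field names, hostname and captured requests below are constructed for the example.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Field names that must never be readable on the wire. These names are an
# assumption for the example; the article does not list TanTan's parameters.
SENSITIVE_FIELDS = {"password", "phone", "lat", "lon", "latitude", "longitude", "user_id"}

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def sensitive_fields_in_clear(raw, transport_encrypted):
    """Return sorted sensitive field names an on-path observer could read."""
    # With TLS the request bytes are opaque on the wire, whatever they contain;
    # without it, both the query string and the body are readable.
    if transport_encrypted:
        return []
    _method, target, headers, body = parse_request(raw)
    names = set(parse_qs(urlsplit(target).query, keep_blank_values=True))
    ctype = headers.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        names |= set(parse_qs(body, keep_blank_values=True))
    elif ctype.startswith("application/json"):
        try:
            decoded = json.loads(body)
        except ValueError:
            decoded = {}
        if isinstance(decoded, dict):
            names |= set(decoded)
    return sorted(n for n in (k.lower() for k in names) if n in SENSITIVE_FIELDS)

# Constructed sample traffic from a test device (not real TanTan captures).
SAMPLES = {
    "login_plain": ("POST /login HTTP/1.1\r\nHost: api.example.invalid\r\n"
                    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                    "phone=%2B8613800000000&password=hunter2", False),
    "location_ping_plain": ("GET /nearby?lat=31.2304&lon=121.4737&user_id=42 HTTP/1.1\r\n"
                            "Host: api.example.invalid\r\n\r\n", False),
    "login_tls": ("POST /login HTTP/1.1\r\nHost: api.example.invalid\r\n"
                  "Content-Type: application/json\r\n\r\n"
                  '{"phone": "+8613800000000", "password": "hunter2"}', True),
}

def audit(samples=SAMPLES):
    """Map each sample name to the sensitive fields it exposes to a passive observer."""
    return {name: sensitive_fields_in_clear(raw, tls) for name, (raw, tls) in samples.items()}
```

Run `audit()` to see that only the plaintext requests expose anything; the same login over TLS returns an empty list.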
Users who match with an attacker can also be identified through their user identification numbers. TanTan's developers also left censorship data in the app, which let Salibra see the words and phrases users are not permitted to send.
The flaws were reported in March, but Salibra's email sat in an unmonitored spam inbox because TanTan had no dedicated security contact address.