It's important to note that what a hacker could do through these flaws is relatively narrow, but they do allow a person to gain access to sensitive personal information. The issue is due to a lack of HTTPS encryption on photos; other elements of the app that do require this kind of encryption still leaked enough information to be able to monitor a user's actions.

In order to exploit these vulnerabilities, Checkmarx built a tool called TinderDrift. Once it was connected to the same network as someone using Tinder, the team was able to intercept images sent without HTTPS. Additionally, they used information about the size of data transmitted to monitor what a person was doing on Tinder and connect it to the unencrypted image: a swipe left is 278 bytes, while a swipe right is 341 bytes. "We can simulate exactly what the user sees on his or her screen," Erez Yalon, Checkmarx's manager of application security research, told Wired. "You know everything: What they're doing, what their sexual preferences are, a lot of information."
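The size side channel described above goes away once every response has the same length on the wire. The sketch below is an added example, not Tinder's or Checkmarx's code: it pads response bodies to a fixed bucket before encryption, assuming the encryption layer adds a constant overhead so ciphertext length tracks plaintext length. The bucket size, function names and sample bodies are constructed for illustration.

```python
import struct

# Assumed bucket size: responses are padded up to a multiple of this value.
BUCKET = 512

# Constructed stand-ins for the two responses; only their lengths
# (278 and 341 bytes, the figures quoted in the article) matter here.
SAMPLE_BODIES = {
    "swipe_left": b"L" * 278,
    "swipe_right": b"R" * 341,
}


def pad(body: bytes, bucket: int = BUCKET) -> bytes:
    """Frame body with a 2-byte big-endian length, then zero-fill to a bucket multiple."""
    if len(body) > 0xFFFF:
        raise ValueError("body too large for a 2-byte length prefix")
    framed = struct.pack(">H", len(body)) + body
    padded_len = -(-len(framed) // bucket) * bucket  # ceiling to next multiple
    return framed.ljust(padded_len, b"\x00")


def unpad(padded: bytes) -> bytes:
    """Recover the original body; reject frames whose length field is inconsistent."""
    if len(padded) < 2:
        raise ValueError("frame shorter than length prefix")
    (length,) = struct.unpack(">H", padded[:2])
    if length > len(padded) - 2:
        raise ValueError("length prefix exceeds frame size")
    return padded[2:2 + length]


def observable_sizes(bodies: dict, padded: bool) -> dict:
    """Sizes a passive observer on the network would see for each action."""
    return {name: len(pad(b) if padded else b) for name, b in bodies.items()}


if __name__ == "__main__":
    print("unpadded:", observable_sizes(SAMPLE_BODIES, padded=False))
    print("padded:  ", observable_sizes(SAMPLE_BODIES, padded=True))
```

Padding must be applied before encryption and to every message of the exchange; a body that crosses a bucket boundary still stands out, so the bucket has to cover the largest response that should stay indistinguishable.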

It may seem minor, but trusting sensitive personal information to apps that don't protect it properly is a problem that's just getting worse. We reached out to Tinder for comment, and the company confirmed that in-app images aren't encrypted, but it says it's "working towards" doing so. The full statement is below: