Popular Chinese Tinder clone TanTan is sending user details in cleartext and sports an API that allows users’ locations to be triangulated. Developer Larry Salibra reported the flaws to TanTan, which has pledged to use encryption in future. The security slip means users’ partner preferences, locations, and personal information are exposed to any man-in-the-middle attackers – for example, snoopers watching traffic on airport or cafe wireless networks. “Much to my surprise, the information sent between my phone and Tantan’s server somewhere on the other side of the Great Firewall deep in Mainland China was completely readable,” Salibra says. “I could see the password I had just entered, my phone number and all the people I was being matched with.”
ORIGINAL SOURCE: The Register