Tantan, a close replica of Tinder, has vowed to improve its encryption after it was revealed the site had little to no protection against moderately competent hackers.
CEO and co-founder Yu Wang admitted in an email response that the lack of protection protocols was a “bad idea” and that they are seeking to fix the problems as soon as possible. The vulnerabilities were exposed in a report last Friday by Hong Kong-based entrepreneur Larry Salibra, who founded his own crowdsourced site-testing service.
Mr. Salibra claimed the site was “endangering young women and men by failing to use encryption”, drawing a comparison to the recent Ashley Madison hack which exposed thousands of personal data points.
Tantan’s CEO reached out to Mr. Salibra directly via email to respond to the allegations, saying that the company is now “working on releasing a version that fixes these two issues within the week,” though he claimed that the comparison with Ashley Madison’s breach was not accurate.
Among the vulnerabilities, the report showed that sensitive data, including personal telephone numbers and passwords, was left unencrypted by Tantan. Other information, including gender, sexual orientation, interests and hobbies, was also left exposed through various means.
By viewing Tantan’s exposed console log through Apple’s developer kit Xcode, potential hackers are able to see a host of information about the app. Such logging is typically “turned off” in other apps to increase performance and protect sensitive information.
The report also revealed that Tantan had been using a list of ‘rude words’ to chide users who used certain phrases, such as colloquialisms for “let’s meet for sex” and “send nudes.”
China has a booming market of apps designed to facilitate romantic encounters, some with better reputations than others. Tantan is one of a handful of services that has an interface almost identical to Tinder. The latest breach reignites concerns surrounding the security of the many social apps flooding China-focussed app stores.
The country has seen a spate of high-level hacks and malware threats over the past year. In September a handful of the country’s most popular apps, including Didi, WeChat and NetEase Music, were infected with malware due to a tainted version of Apple’s developer kit.
Tantan’s most recent funding round was in February this year, when they raised $5 million USD led by Bertelsmann Asia Investments.