Tinder is a dating app that allows users to search for potential matches based on proximity. There's been a lot of talk of the app's popularity with Olympic athletes, which the media seems to be eating up. Yesterday, some security researchers published an article saying that they had figured out how to use Tinder to get users' exact locations.
According to the article, Tinder had a vulnerability earlier this year that made latitude and longitude coordinates of any Tinder user available to anyone with "rudimentary programming skills." The issue was patched by Tinder, but the patch created another vulnerability - triangulation. From the article:
I can create a profile on Tinder, ... tell Tinder that I'm at some arbitrary location, and query the API to find a distance to a user. When I know the city my target lives in, I create 3 fake accounts on Tinder. I then tell the Tinder API that I am at three locations around where I guess my target is. Then I can plug the distances into the formula on this Wikipedia page.
The results are pretty accurate!
This may seem like an issue inherent to an app like Tinder or Grindr, apps designed specifically around the location of the user. But in reality, everything from Google Maps to your weather app uses GPS location data to better serve you, and it is up to the creators of these apps to make sure this kind of information is not vulnerable.
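To see why exact distances are enough to leak a position, and what a server-side change does about it, here is an added example (not code from the article or from Tinder). It assumes flat x/y coordinates in kilometres, constructed sample points, and a hypothetical mitigation in which the server measures distance from the centre of the user's grid cell instead of from the true position.

```python
import math

def distance_km(a, b):
    """Planar distance between two (x, y) points in km (flat-earth assumption)."""
    return math.hypot(a[0] - b[0], a[1] - b[1])

def snap_to_grid(point, cell_km):
    """Centre of the grid cell that contains point (hypothetical mitigation)."""
    return tuple((math.floor(c / cell_km) + 0.5) * cell_km for c in point)

def trilaterate(p1, r1, p2, r2, p3, r3):
    """Intersect three circles by subtracting their equations pairwise,
    which leaves two linear equations in x and y."""
    a, b = 2 * (p2[0] - p1[0]), 2 * (p2[1] - p1[1])
    c = r1**2 - r2**2 + p2[0]**2 - p1[0]**2 + p2[1]**2 - p1[1]**2
    d, e = 2 * (p3[0] - p2[0]), 2 * (p3[1] - p2[1])
    f = r2**2 - r3**2 + p3[0]**2 - p2[0]**2 + p3[1]**2 - p2[1]**2
    det = a * e - b * d
    if abs(det) < 1e-12:
        raise ValueError("observation points are collinear")
    return ((c * e - b * f) / det, (a * f - c * d) / det)

def recovered_error_km(true_pos, observers, cell_km=None):
    """How far the trilaterated point lies from the true position when the
    server reports distances from the true position (cell_km=None) or from
    the grid-snapped position (cell_km set)."""
    origin = true_pos if cell_km is None else snap_to_grid(true_pos, cell_km)
    r = [distance_km(o, origin) for o in observers]
    est = trilaterate(observers[0], r[0], observers[1], r[1], observers[2], r[2])
    return distance_km(est, true_pos)

# Constructed sample data: one user and three observation points, in km.
USER = (3.27, 7.81)
OBSERVERS = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]

if __name__ == "__main__":
    print("exact distances :", recovered_error_km(USER, OBSERVERS), "km off")
    print("2 km grid cells :", recovered_error_km(USER, OBSERVERS, 2.0), "km off")
```

With snapping, the three distances identify only the cell centre, so the recoverable precision is bounded by the cell size (at most half the cell diagonal) no matter how many observation points are used.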