If you are not a technical person, jump to Moral of the Story below.I thought, first thing I can do is to see the network traffic coming in and out of the app. So I installed a proxy on my Mac, Charles, and ran the i Phone’s Wi Fi through that proxy. But wait, did they just send the girl’s full profile over non-secure HTTP?We are at an age where data collection is technically easy for companies, and the users are willing to foolishly and unhesitantly give out their data, unaware of the The General Data Protection Regulation (GDPR) is coming on the 25th of May 2018.
So I switched to any other person there is on my match list, clicked on the button to send a pre-defined message, selected one of them “If you are famous, who would you be? Meanwhile I was preserving the log of Chrome Network Requests.
Okay, looking over the PUT and POST requests that we just created, I cannot find the word “famous” anywhere.
Is it that the word does not get sent, or is there something else going on?
Seems that they did a good job here in knowing that I am not using the proper SSL certificates and that I am performing a man in the middle attack.
I said, well if the i OS application is a bit hard to hack, let’s try the web application. I could almost see the same interface, same blurred faces, same inbox which I cannot read.