Tinderface — Stalking your Facebook friends on Tinder

Alec Garcia
3 min read · Jul 28, 2016

Have you ever wanted to stalk your friends on Tinder? — What’s wrong with you? Well, actually… stalking online is pretty common these days. We can easily view people’s Facebook and Instagram and they won’t know, unless we accidentally like one of their photos. We can stalk people’s LinkedIn as well, but depending on your settings, the person might see that you viewed their profile. Tinder is different from most social media apps because it’s used for dating. Most of us probably wouldn’t be comfortable with our friends seeing our dating profile, since we might be sharing personal information and embarrassing photos that are carefully curated to woo potential matches. What if I told you it’s actually possible to see your Facebook friends’ Tinder profiles without them knowing? — Tinderface lets you exercise your inner creep and stalk your Facebook friends on Tinder.

How does Tinderface work?

Tinderface uses Tinder’s private API to retrieve information that the Tinder client already receives, and presents it in a UI for the user to interact with. The Tinder profile on Tinderface shows the user’s biography, photos, distance away, and best of all, when they were last active: that detail was removed from the Tinder app, but the API still sends the timestamp.
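Seen from the server side, the last-active timestamp is a case of the API returning more than the client screen renders. The sketch below is an added example, not code from Tinderface or Tinder: it contrasts returning the stored record with an allowlist serializer, plus an audit helper that lists fields a response exposes beyond what the UI shows. All field names, audience labels and sample values are assumptions constructed for illustration.

```python
"""Added example: return only the fields the client UI renders.
Field names and values are constructed; they are not Tinder's schema."""

# Assumed policy: the fields each audience's screen actually displays.
VISIBLE_FIELDS = {
    "match_candidate": {"name", "bio", "photos", "distance_mi"},
    "social_friend": {"name", "photos"},
}

# Constructed server-side record; it holds more than any screen shows.
STORED_PROFILE = {
    "user_id": "u-0001",
    "name": "Sample User",
    "bio": "constructed bio",
    "photos": ["p1.jpg"],
    "distance_mi": 3,
    "last_active_at": "2016-07-01T12:00:00Z",  # removed from the UI, still stored
}


def serialize_raw(profile):
    """Weak pattern: send the whole record and rely on the client to hide fields."""
    return dict(profile)


def serialize_for(profile, audience):
    """Hardened pattern: copy allowlisted fields only; unknown audiences get nothing."""
    allowed = VISIBLE_FIELDS.get(audience, set())
    return {key: value for key, value in profile.items() if key in allowed}


def overexposed_fields(response, audience):
    """Audit helper: fields in a response that the audience's UI never renders."""
    return sorted(set(response) - VISIBLE_FIELDS.get(audience, set()))


if __name__ == "__main__":
    for audience in VISIBLE_FIELDS:
        raw = serialize_raw(STORED_PROFILE)
        safe = serialize_for(STORED_PROFILE, audience)
        print(audience, "raw exposes extra:", overexposed_fields(raw, audience))
        print(audience, "filtered exposes extra:", overexposed_fields(safe, audience))
```

Running the audit helper over recorded API responses in a test suite catches a field that was dropped from the UI but left in the payload.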

Can I see all of my Facebook friends’ Tinder profiles?

No, you can only see the Tinder profiles of your Facebook friends who have explicitly opted in to Tinder Social.

Will Tinderface hack me?

Tinderface does not save any information about you. We simply use your Facebook Access Token to fetch your Tinder authentication token so that we can automate API requests. We do not save your Facebook or Tinder tokens. You can view the source on GitHub and run the app yourself if you’re paranoid.

Why Tinderface?

Tinderface isn’t the first method to exploit this user privacy vulnerability. A hacker named Alex wrote a more detailed blog post about the vulnerability and even emailed Tinder beforehand, but they didn’t seem to care. Tinder told Alex that the information that exposes your Facebook friends’ Tinder user IDs is a feature of Tinder Social, and not a bug. Alex also wrote a Python app called Tinder Detective which basically does what Tinderface does, but I built my own so I could polish the UI/UX in hopes that a lot of people will use it and it will get the attention of Tinder so that they fix this vulnerability. I’m hoping that after tons of Tinder users realize their friends can see their profile, “Tindergate”, as I’m predicting the scandal will be called, will go viral, or users will contact Tinder and express their discontent.

I have hope that Tinder will eventually fix this flaw, since they previously fixed a couple of exploits I reported that allowed me to crash matches’ phones and send any image I wanted (not just GIFs).

Custom Tinder Social Group Status

Tinderface also lets you set a custom status for your Tinder Social group. Currently Tinder limits you by forcing you to select from a list of predefined statuses, but now you can make your status whatever you want (60 char max) with Tinderface. If you’re already in a Tinder Social group, it will show up at the top of Tinderface along with your group’s current status. Just click the “Edit Status” button and enter a new status in the dialog.

Live Demo

Tinderface is currently hosted on Heroku at https://tinderface.herokuapp.com/

You can also clone the source on GitHub and follow the README to install the dependencies and get the web app running on your own machine.

You’ll need to obtain a Facebook Access Token to log in to Tinder, but there’s a dialog in the app that guides you through the process of getting it.

Enjoy stalking your friends, you silly person.


Alec Garcia

Code 👨‍💻 and coffee ☕️. Software Engineer at Google.