Wow! I am shocked and humbled by the positive reaction to my post last Friday about how Tantan doesn't use encryption. The overwhelming interest on reddit and across Facebook and Twitter along with the interest from the mainstream media showed that many people understand the value of encryption and expect privacy.
I was also surprised to receive a polite email from Tantan CEO and Co-founder Yu Wang taking responsibility for their security problems and pledging to fix them. Eight months after I reached out to Tantan to report these problems is a bit long, but better late than never!
With his kind permission, I’ve republished his email below. I have inserted my own responses and comments inline in blue.
First of all, thank you for taking the time to look through the technical side of our app and highlighting issues you found. The issues of turning on HTTPS/SSL and turning off debugging are definitely correct and we are working on releasing a version that fixes these two issues within the week. Thank you.
We also want to clarify a few points.
- Due to the nature of the app, users fill in profile information on Tantan to make them available publicly for all other users. Profile information "exposed" through the API are available through the app anyway, especially since you need to be on the same network and thus close by to "listen in".
Users use Tantan with the expectation that information about who they like and don’t like and who they match with is private. They expect that a person will only know they like them if they swipe right. They also expect that the only person who can read their conversation with a person with whom they have matched is that match.
- Before any contact list information is sent we encrypt it using a one way hash function. This means that it is not possible for anyone else to see your contact list information. In fact we do not ourselves have access to their contact list information in clear text to protect user privacy.
Update: Several reached out to me to point out I was giving Tantan a pass on this point. One way cryptographic hashes are not encryption. It is very easy to generate (or buy/download) a list of hashes even with a laptop for all possible Chinese mobile phone numbers. Once you have this list, you can simply look up which hash.
To show how easy it is, I've included code below.
- It would be impossible and pointless to sniff someone's location. Pointless because you would need to physically follow them around and impossible because as soon as someone “moves” they will stop using the wifi network you are both on and you would no longer be able to “sniff” them. Aside from this we have also taken special steps to prevent others from being able to pinpoint your location through triangulation of the data you get from the API.
Not true. Data sent through the internet passes through a number of computer systems on its route from the user’s phone to your service. Anyone with access to those systems could track your users. They wouldn’t need to physically follow the user. Very possible.
- Lack of SSL on our API makes us vulnerable to traffic listening (by people who are in the same network as you) but this is radically different from a full database breach like the one Ashley Madison had.
User data is vulnerable to interception by people on the same network or any of the multiple public networks through which data passes on the way to reach your servers.
- We have a list of sensitive words in the app which we use to remind users to behave in a civilized way. Unfortunately some guys do not know how to talk to girls and need some friendly reminders.
With all this said not having HTTPS/SSL really IS a bad idea in general and we are working on releasing it ASAP. Thank you for bringing this to our immediate attention.
In order to handle such issues with more diligence we have created the mailbox email@example.com If there are any other issues you have found or if you have any questions you are welcome to contact us there or to contact me directly on firstname.lastname@example.org
This is great. Thank you very much!
It would be even better if you could provide a public PGP key for your security team, so that people reporting security vulnerabilities in your app can report them to you securely with encryption. To see examples of how to do this, you can refer to security pages at Apple or Google.
CEO and Co founder
After asking Yu for permission to publish his email, he replied:
You're much too kind. We try to respond to all question/issues raised by users. Unfortunately when you reached out before your message never reached our engineers.
You're totally welcome to publish my email. Tell me if there's anything I can help with.
Appendix: Generate SHA256 hashes for all Chinese mobile phone numbers
The ruby code below creates a (really large) CSV file with SHA256 hashes of all Chinese mobile phone numbers.
On a normal computer, this very inefficient code would take a long time to create the whole list. However, a real attacker would:
- use more efficient code
- run this code on a graphics card other specialized hardware
- use an existing rainbow table