HighThere!, an app that’s been called the “Tinder for Tokers” by Forbes, has “student project level” security according to cybersecurity firm Synack. Mic reached out to the firm for a report on the app, which connects people looking for someone else to smoke with.
The report was troubling, to say the least. According to Mic, anyone with a basic knowledge of computer science can access HighThere! and pull down information such as names, smoking habits, photographs and location data.
Apparently the flaw comes from how HighThere! handles connecting users together. Unlike Tinder, which stores user locations on a server, HighThere! computes how close other users are to you by sending your app instance a copy of their location data, and then having your phone compute the distance. The information is also transferred unencrypted, Mic reports.
This means that anyone on HighThere!, potentially including law enforcement, can find out exactly where you are.
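To make the design difference concrete, the added example below (not code from HighThere!, Synack or Mic) contrasts a response that ships other users' raw coordinates to the client with one where the server computes the distance and returns only a coarse range. The user records, bucket sizes and function names are assumptions made for illustration; transport encryption is a separate fix and is not shown.

```python
import math

# Constructed sample records; names and coordinates are invented for illustration.
USERS = {
    "alice": {"name": "Alice", "lat": 39.7392, "lon": -104.9903},
    "bob":   {"name": "Bob",   "lat": 39.7420, "lon": -104.9850},
    "carol": {"name": "Carol", "lat": 40.0150, "lon": -105.2705},
}

BUCKETS_KM = [1, 5, 25, 100]  # coarse upper bounds returned to clients (assumed policy)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def bucket(km):
    """Map an exact distance to a coarse label so the precise value stays on the server."""
    for limit in BUCKETS_KM:
        if km <= limit:
            return f"within {limit} km"
    return f"over {BUCKETS_KM[-1]} km"


def nearby_client_side(viewer):
    """Design described in the article: other users' raw coordinates go to the viewer's phone."""
    return [dict(u) for uid, u in USERS.items() if uid != viewer]


def nearby_server_side(viewer):
    """Alternative: compute distance on the server and return only a coarse bucket."""
    me = USERS[viewer]
    out = []
    for uid, u in USERS.items():
        if uid == viewer:
            continue
        km = haversine_km(me["lat"], me["lon"], u["lat"], u["lon"])
        out.append({"name": u["name"], "distance": bucket(km)})
    return out
```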
“This is maximum fun for law enforcement — an incredibly useful tool. God bless the criminal who advertises where he is and what he's doing,” Synack Vice President of Operations Tony Gambacorta said to Mic. “You could not write a better tool for arresting people than this . . . If you're going to do something like track people participating in an illegal activity, you need to have superb data privacy on your platform.”
HighThere! sent a statement to Mic explaining that the company plans to improve its app’s security, saying, “HighThere! considers user privacy as a top priority. And for the past several months, we have been working diligently to enhance our current measures of protecting data. This work will be completed in the very near future, with an upcoming release that will include industry standard encryption, throughout all levels of the application.”
In the meantime, however, anyone who has the app installed on their smartphone is running a rather large risk, especially depending on the legality of marijuana in their jurisdiction.
HighThere! is available for Android and iOS. The app’s publicity pictures seem to mostly feature women, although specific demographics are unknown.