diff --git a/app/app.go b/app/app.go
index b9947ff..bd89143 100644
--- a/app/app.go
+++ b/app/app.go
@@ -129,7 +129,7 @@ func (app *application) AddPeerPlugin(onion string, pluginID plugins.PluginID) {
 func (app *application) ImportProfile(exportedCwtchFile string, password string) (peer.CwtchPeer, error) {
 	profileDirectory := path.Join(app.directory, "profiles")
 	profile, err := peer.ImportProfile(exportedCwtchFile, profileDirectory, password)
-	if err == nil {
+	if profile != nil || err == nil {
 		app.installProfile(profile)
 	}
 	return profile, err
diff --git a/peer/storage.go b/peer/storage.go
index 89bcf76..68db73b 100644
--- a/peer/storage.go
+++ b/peer/storage.go
@@ -5,6 +5,7 @@ import (
 	"compress/gzip"
 	"crypto/rand"
 	"database/sql"
+	"encoding/hex"
 	"errors"
 	"fmt"
 	"git.openprivacy.ca/openprivacy/log"
@@ -191,7 +192,8 @@ func ImportProfile(exportedCwtchFile string, profilesDir string, password string
 				return profile, err
 			}
 			//  Otherwise purge
-			os.RemoveAll(filepath.Join(profilesDir, profileDir))
+			log.Errorf("error importing profile: %v. removing %s", err, profileDir)
+			os.RemoveAll(profileDir)
 			return nil, err
 		}
 		return nil, err
@@ -237,6 +239,11 @@ func checkCwtchProfileBackupFile(srcFile string) (string, error) {
 			dir := parts[0]
 			profileFileType := parts[1]
 
+			_, hexErr := hex.DecodeString(dir)
+			if dir == "." || dir == ".." || len(dir) !=32 || hexErr != nil {
+				return "", errors.New("invalid profile name")
+			}
+
 			if profileName == "" {
 				profileName = dir
 			}
@@ -292,6 +299,12 @@ func importCwtchProfileBackupFile(srcFile string, profilesDir string) error {
 			}
 			dir := parts[0]
 			base := parts[1]
+
+			_, hexErr := hex.DecodeString(dir)
+			if dir == "." || dir == ".." || len(dir) != 32 || hexErr != nil {
+				return errors.New("invalid profile name")
+			}
+
 			if profileName == "" {
 				profileName = dir
 			}