Grindr, one of the world’s most popular gay dating apps, is embroiled in a privacy and data scandal that saw it share information about the HIV status of its users.
On Monday, a Norwegian NGO called Sintef revealed it had discovered that Grindr had handed over details about its users to other companies that could be used to identify those individuals.
The companies, Localytics and Apptimize, reportedly used the information to help “optimise” the Grindr app.
“Personal information is shared unencrypted, allowing people, companies, or governments to listen on a network to discover who is using Grindr, where they are precisely located during a day, how do they look, what do they like, what do they browse,” Sintef said in its report.
According to the group, it is possible to link users’ information with their HIV status. “It is unnecessary for Grindr to track its users HIV Status using third-parties services,” said Sintef. “Moreover, these third-parties are not necessarily certified to host medical data, and Grindr’s users may not be aware that they are sharing such data with them.”
While the two companies had agreed to ensure that the information stayed confidential, there are fears that sharing these kinds of details with other parties makes it more likely for the data to be leaked or hacked.
Grindr defended its actions and said that they are standard in the industry. It explained that it had not sold the information to anyone but had provided it to the two companies for them to assist it to help improve its service.
“Grindr has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers,” said Grindr Chief Technology Officer Scott Chen.
“As an industry standard practice, Grindr does work with highly-regarded vendors to test and optimise how we roll out our platform. These vendors are under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy.”
Chen noted, however, “that Grindr is a public forum” and that should users choose to post information about themselves including HIV status and last test date on their profiles, “the information will also become public”.
About a year ago, Grindr gave users the ability to include their HIV status and last test date fields in profiles in order to “foster an open dialogue about sexual health”.
British LGBT human rights activist Peter Tatchell criticised Grindr for sharing the data. “Allowing private companies access to the HIV status of Grindr customers is as shocking as it gets and can only add to the anxieties experienced by gay and bisexual men with HIV,” he said.
“There are still 72 countries in the world that criminalise homosexuality and even more have governments that actively persecute LGBT+ people. Security breaches could be exploited to make arrests and by homophobic vigilantes to make violent attacks,” Tatchell warned.
He called on Grindr and similar app providers to urgently audit their data security measures and to come clean about any issues and fix them immediately.
“Data protection is the new frontier in the battle for human rights. Software companies that cater for LGBT+ people arguably have a special responsibility, given the potentially risky countries that many of their users live in,” Tatchell added.
It’s been reported that Grindr has now stopped or will shortly stop sharing information about its users to Localytics and Apptimize.