Grindr was sharing users' location and HIV status with third parties
Last week there was an outcry after it was revealed that it was relatively simple to determine the location of Grindr users because of a security flaw. The company has now also admitted that it shared information from users' profiles with third parties -- specifically the analytics companies Apptimize and Localytics -- including their HIV status.
Grindr was quick to point out that, firstly, the information was sent via HTTPS, secondly, that the data was not sold to the analytics companies (it was provided free of charge) and, thirdly, that the data was public anyway. All three of these points will come as little comfort to Grindr users, but the company has said that it will now stop the practice of sharing HIV-related information.
- Security issues in gay dating app Grindr exposed users' locations
- Facebook makes its privacy settings easier to find -- including the option to delete your Facebook data
- Privacy: Facebook has been collecting call and text data from Android users
Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, was the one who made the discovery and shared his findings on GitHub. He pointed out that data including location, HIV test dates and status, email address and more were also being sent without security to Apptimize and Localytics. Speaking about his findings to Buzzfeed, he said:
The HIV status is linked to all the other information. That's the main issue. I think this is the incompetence of some developers that just send everything, including HIV status.
Grindr security chief Bryce Case has leapt on the defensive, saying to Axios: "I understand the news cycle right now is very focused on these issues", adding "I think what's happened to Grindr is, unfairly, we've been singled out."
He also pointed out that the information shared had already been made public by the users who added it to their profiles. It's fair to say, however, that the users would not have been expecting such sensitive facts to be shared with other companies. The good news is that Grindr has now said that it will stop sharing this information, although Case tried to further turn down the heat by saying that data had only been shared for "debugging and optimization purposes" anyway.
Grindr CTO Scott Chen issued a statement saying:
The company was keen to stress that it believes the outcry surrounding the matter was down to a "misunderstanding" about what was being shared, but confirmed to Axios that HIV status would no longer be shared.