Grindr shared personal, HIV and geolocation-related data with two of its third-party contractors without informing users.
As a way to make relationships safer, the gay flirting application Grindr allows users to share information about whether or not they are infected with HIV and the date of the last test. This data is extremely sensitive and private and serves to only inform future potential partners, but it turned out that Grindr was sharing this with two third-party contractors to optimize its algorithm.
This was revealed by a security researcher Antoine Pultier who works for a Norway based NGO Sintef. In a conversation with BuzzFeed, Pultier said that Grindr saved the data of over 3.6 million daily users and passed it on to Localytics and Apptimize, two of its third-party contractors.
According to Pultier, the shared data contained users’ HIV information, phone numbers, email addresses and geolocation making it not only easier for them to identify but locate them in real time. What’s worse is that some of the data was not even encrypted.
Screenshot of the data shared by Grindr (Credit: BuzzFeed)
“The two companies — Apptimize and Localytics, which help optimize apps — receive some of the information that Grindr users choose to include in their profiles, including their HIV status and “last tested date,” BuzzFeed reported.
More: Researcher Threatened with Infection For Exposing Flaw in HIV Dating App
“Because the HIV information is sent together with users’ GPS data, phone ID, and email, it could identify specific users and their HIV status,” said Pultier.
Gay dating app @Grindr #grindr sharing HIV status, GPS locations, relationship status, and more with data collection companies? Are you kidding me? #dating info is #private info. This is beyond F*cked up. #facebook @facebook and all these others (#grindr) must face consequences.
— Dan Aiello (@mrdanielaiello) April 2, 2018
In response to the allegations, chief technology officer at Grindr Scott Chen justified the practice of sharing data and wrote a blog post stating that data sharing with Localytics and Apptimize follows industry standards to “test and validate” app. He also claimed that the data was never sold to anyone.
The company also vows not to share HIV data with anyone outside the company. In a conversation with CNNMoney, the company said that “it has already deleted HIV data from Apptimize, and is in the process of removing it from Localytics.”
However, Bryce Case, the company’s security chief of Grindr is not happy with the situation and claims that they are being “unfairly … singled out” amid Facebook and Cambridge Analytica scandal.
Nevertheless, Grindr users on social media are showing disappointment over the company’s secret data sharing tactics while some are even talking about completely removing the app from their devices since their location data is already in the hand of third parties.
More: Keyboard app caught collecting users data after 31M records leaked online
