Watch what you post on Grindr. The gay dating app has been sharing sensitive user details including HIV status and GPS location data with two third-party services.
Grindr has been passing off the data to a pair of mobile analytics providers called Apptimize and Localytics, according to a Norwegian nonprofit group called SINTEF, which has been investigating the dating app over potential privacy leaks.
Other data passed off includes gender, age, height, weight, email addresses and Grindr profile ID numbers. In other words: enough personal information to potentially identify users and expose their HIV status.
“It is unnecessary for Grindr to track its users HIV Status using third-parties services,” SINTEF said. “Moreover, these third-parties are not necessarily certified to host medical data.”
But despite the sensitive information at stake, Grindr is playing down the concerns. The dating app isn’t denying the findings, but telling the public that the data collection is in line with industry practices.
On Monday, Grindr’s CTO Scott Chen released a statement, saying that both Apptimize and Localytics are two “highly-regarded vendors” that are merely helping the dating app roll out the platform.
“These vendors are under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy,” Chen added.
Both Apptimize and Localytics do, indeed, specialize in maximizing the performance of mobile apps and have thousands of clients. But why Grindr needs to hand over sensitive information like HIV status to them isn’t totally clear.
In his Monday post, Grindr’s CTO vaguely said: “We too must operate with industry standard practices to help make sure Grindr continues to improve for our community.”
Although Grindr said it has never sold any personal identifiable user information to advertisers or third-party services, Chen also noted: “It’s important to remember that Grindr is a public forum.”
Nevertheless, people rarely read privacy policies, and Grindr users were probably unaware sensitive data like HIV status was going to a third-party service. A worst-case scenario is the information leaking to bad actors. In Monday’s statement, Chen himself noted “a person’s HIV status can be highly stigmatized.”
Grindr’s CTO said the data shared with Apptimize and Localytics is done so with encryption. But according to the Norwegian nonprofit SINTEF, not everything on the dating app is secure; Grindr also transmits data to other third-party mobile advertising services, but in plaintext.
In its own test, the research group noticed that the Grindr app can leak certain information when connected to a local Wi-Fi network. That means anyone else snooping over the network can view the Grindr user’s details such as GPS locations, gender, age, ethnicity, relationship status and phone ID.
So Far, Grindr hasn’t responded to this reported leak.