Report: Grindr is Sharing Users' HIV Status & Other Information with Companies

Monday April 2, 2018

A new report from BuzzFeed News says the gay hookup app Grindr is sharing its users HIV status with at least two other companies.

Grindr, which boasts over 3.6 million users, is sharing information with Apptimize and Localytics, companies that help optimize apps. In addition to the HIV status, Grindr is also sharing other information in users' profiles, including "last tested date."

Antoine Pultier, a researcher at the Norwegian nonprofit group SINTEF, which first discovered Grindr's sharing of information, said because HIV information is sent together with the users' GPS information, phone ID and email, specific users could be identified - as well as their HIV status.

"The HIV status is linked to all the other information. That's the main issue," TPultier told BuzzFeed. "I think this is the incompetence of some developers that just send everything, including HIV status."

It was revealed last month that Grindr launched a new feature that allows users to set a reminder to get tested for HIV.

"Grindr is a relatively unique place for openness about HIV status," James Krellenstein, a member of AIDS advocacy group ACT UP New York, told BuzzFeed. "To then have that data shared with third parties that you weren't explicitly notified about, and having that possibly threaten your health or safety - that is an extremely, extremely egregious breach of basic standards that we wouldn't expect from a company that likes to brand itself as a supporter of the queer community."

SINTEF's report also found Grindr is sharing other profile information, including GPS position, tribe, sexuality, relationship status, ethnicity, and phone ID to other third-party advertising companies. Unlike the HIV data, this information was sometimes shared as "plain text," which BuzzFeed reports can be easily hacked.

"It allows anybody who is running the network or who can monitor the network - such as a hacker or a criminal with a little bit of tech knowledge, or your ISP or your government - to see what your location is," Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed. "When you combine this with an app like Grindr that is primarily aimed at people who may be at risk - especially depending on the country they live in or depending on how homophobic the local populace is - this is an especially bad practice that can put their user safety at risk."

Responding to the report, Grindr's Chief Technology Officer Scott Chen told BuzzFeed the sharing of information to the companies help improve the app.

"Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem," Chen told BuzzFeed News in a statement. "No Grindr user information is sold to third parties. We pay these software vendors to utilize their services."

Chen also said the two companies, Apptimize and Localytics, will not share users information.

"The limited information shared with these platforms is done under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy," he added.

Nevertheless, Quintin says sensitive information becomes more vulnerable if a third party has access to it.

"Even if Grindr has a good contract with the third parties saying they can't do anything with that info, that's still another place that that highly sensitive health information is located," Quintin told BuzzFeed. "If somebody with malicious intent wanted to get that information, now instead of there being one place for that - which is Grindr - there are three places for that information to potentially become public."

Grindr recently made headlines for fixing a security flaw in which users could see who blocked them via a third party website.

In January, Chinese gaming company Kunlun Group Limited acquired a full stake in Grindr. After the final deal closed, the app's founder and CEO Joel Simkahi stepped down from his position without giving a specific reason.

"I'm beyond proud of what we've built as a team and how Grindr has been able to make a meaningful and lasting contribution to the global community," he said in a statement at the time. "We have achieved our success because of the strength and global reach of our community. I look forward to Grindr and Kunlun's continued commitment to building tolerance, equality, and respect around the world."

Not long after the announcement, the Washington Post reported that its possible Grindr, under its new ownership, could be sharing users' information with the Chinese government. Read more about that by clicking here.

Comments on Facebook