The popular gay dating app Grindr has been sharing its users’ HIV statuses and other sensitive information with other companies
According to BuzzFeed, the company has shared personal information, including HIV status and “last tested” dates, with app optimizing companies Apptimize and Localytics.
Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, says HIV information is sent unencrypted together with users’ GPS data, phone ID, and email, and could identify specific users and their HIV status.
“The HIV status is linked to all the other information. That’s the main issue,” says Pultier. “I think this is the incompetence of some developers that just send everything, including HIV status.”
Related: Chat with gay men
“Grindr is a relatively unique place for openness about HIV status,” says James Krellenstein, a member of ACT UP New York. “To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety–that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community.”
Grindr claims all the sensitive data have been shared in order to “make the app better.”
“No Grindr user information is sold to third parties,” the company says. “We pay these software vendors to utilize their services.”
But Cooper Quintin, a senior staff technologist and security researcher at the Electronic Frontier Foundation, doesn’t buy the excuse.
“Even if Grindr has a good contract with the third parties saying they can’t do anything with that info,” he says, “that’s still another place that that highly sensitive health information is located.”
“If somebody with malicious intent wanted to get that information, now instead of there being one place for that–which is Grindr–there are three places for that information to potentially become public.”
“When you combine this with an app like Grindr that is primarily aimed at people who may be at risk–especially depending on the country they live in or depending on how homophobic the local populace is–this is an especially bad practice that can put their user safety at risk,”