Popular gay dating app Grindr is reportedly sharing the HIV statuses of its users with third parties.
According to a report from BuzzFeed News, Grindr “has been providing its users’ HIV status to two other companies,” Apptimize and Localytics, which “help optimize apps.”
“Because the HIV information is sent together with users’ GPS data, phone ID, and email, it could identify specific users and their HIV status,” BuzzFeed News explained, adding that the company was also “sharing its users’ precise GPS position, ‘tribe’ (meaning what gay subculture they identify with), sexuality, relationship status, ethnicity, and phone ID to other third-party advertising companies.”
The information, excluding HIV statuses, was being transferred in “plain text” format, which BuzzFeed News noted can be “easily hacked.”
“The HIV status is linked to all the other information. That’s the main issue,” declared SINTEF researcher Antoine Pultier, whose company first identified the concern. “I think this is the incompetence of some developers that just send everything, including HIV status.”
In response to the news, AIDS advocacy group ACT UP New York’s James Krellenstein called Grindr’s data sharing “an extremely, extremely egregious breach of basic standards.”
“Grindr is a relatively unique place for openness about HIV status,” he proclaimed. “To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety — that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community.”
The Electronic Frontier Foundation also highlighted a potential security risk for gay users of the app in countries where homosexuality is criminalized.
“It allows anybody who is running the network or who can monitor the network — such as a hacker or a criminal with a little bit of tech knowledge, or your ISP or your government — to see what your location is,” explained the Electronic Frontier Foundation’s Cooper Quintin. “When you combine this with an app like Grindr that is primarily aimed at people who may be at risk — especially depending on the country they live in or depending on how homophobic the local populace is — this is an especially bad practice that can put their user safety at risk.”
“Even if Grindr has a good contract with the third parties saying they can’t do anything with that info, that’s still another place that that highly sensitive health information is located,” he continued. “If somebody with malicious intent wanted to get that information, now instead of there being one place for that — which is Grindr — there are three places for that information to potentially become public.”
Grindr, however, attempted to dispel concerns, announcing in a statement that, “Thousands of companies use these highly-regarded platforms.”
“These are standard practices in the mobile app ecosystem,” claimed Grindr CTO Scott Chen. “No Grindr user information is sold to third parties. We pay these software vendors to utilize their services.”
Last week, Grindr announced a new feature in the app which would remind users to get HIV tests.