A postgraduate student has published evidence showing gay dating apps Grindr and Jack’d have a major data flaw that could allow hackers to steal your personal data.
The study exposes how the gay dating apps have a major privacy weakness. It makes your personal data, including your location, susceptible to hacking.
Jason Chao says he can prove the apps are not encrypting data sent to third party advertisers. This allows anyone to intercept the data transfer, and steal it.
Speaking to Gay Star News, Chao says he could find out people’s age, relationship status, and even location coordinates.
‘It surprised me. Vulnerable people who aren’t out use Grindr and Jack’d. The developers should be assessing the apps’s security all around.’
Because the location data is sent to third-party advertisers without encryption, hackers could use the information to find out who is gay and bi in their area. Something which poses a serious security risk for people using the app in countries where it is illegal to be gay.
But even in countries where LGBTI people are protected by the law, this breach could open up the possibility of people being outed to families and co-workers.
Chao explains what his study means for your privacy on the apps in this short video:
This is how you can protect yourself until the apps fix the breach
Chao believes the app developers are ultimately responsible for the safety of the users.
‘I am not the first one to discover Grindr and Jack’d being leaky. Researchers at a Japanese university were the first ones to point out the issue of both apps sending unencrypted data to third-party advertisers. However, they only saw evidence of device models and carrier names being susceptible to hackers. But in my study, I also found personal data is accessible too.’
Chao gives this advice to GSN readers:
‘For the time being, using VPN can protect yourself from the leakage of unencrypted data from Grindr and Jack’d.’
However, Chao says shifting the responsibility for privacy to the users is not a long-term solution:
‘It’s the job of the developers of Grindr and Jack’d to correct this.’
Gay Star News has reached out to Grindr and Jack’d.