Grindr has promised to stop sharing it users’ data, including HIV status, with other companies.
It made the decision after a global outcry over the fact it shared user data with companies, Apptimize and Localytics. They’re companies with help business improve their app’s performance through ‘analytics insight’.
Norwegian not for profit organization, Sintef, discovered the worrying data leaks in February.
Swedish TV program, ‘Plus granskar‘ commissioned Sintef to look into Grindr. Sintef found the companies could ‘identify specific users’, because they had received their GPS data, phone ID and email.
‘Personal information is shared unencrypted, allowing people, companies, or governments to listen on a network to discover who is using Grindr, where they are precisely located during a day, how do they look, what do they like, what do they browse,’ Sintef wrote in its report findings.
Grindr is one of the world’s most popular gay hookup apps with about 3.6 million daily users. It has been a leader in the gay app market when it comes to sexual health messages, recently launching a service to remind users to get tested for HIV.
In its research Sintef found by sharing its users HIV status, Grindr was ‘exposing its users’.
‘It is unnecessary for Grindr to track its users HIV Status using third-parties services. Moreover, these third-parties are not necessarily certified to host medical data, and Grindr’s users may not be aware that they are sharing such data with them,’ Sintef wrote.
Sharing data leaves people vulnerable
Sintef said users’ data is more vulnerable to hackers when shared with third parties.
People in homophobic countries or those who could face discrimination based on their HIV status are also at risk.
‘Even if Grindr has a good contract with the third parties saying they can’t do anything with that info, that’s still another place that that highly sensitive health information is located,’ Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
‘If somebody with malicious intent wanted to get that information, now instead of there being one place for that — which is Grindr — there are three places for that information to potentially become public.’
Not good enough
The Institute of Many (TIM), is a grassroots HIV advocacy group. Its cofounder, Nic Holas, said it was critical companies act responsibly with sensitive information.
‘We want to get to a place where sharing your HIV status with the world isn’t an issue, and we need more, not less, PLHIV being visible on apps and elsewhere,’ he told Gay Star News.
‘However, while PLHIV continue to be criminalised and stigmatised around the world, it’s vital that our sensitive information is handled correctly, and ethically.’
Grindr backs down
After first defending its strategy to use app analytics companies, Grindr said it would stop sharing it users’ data.
Grindr’s security chief Bryce Case told Axios the company’s ‘data-sharing practices were a misunderstanding of what was being shared and with whom’.
‘I understand the news cycle right now is very focused on these issues,’ Case said.
‘[But] I think what’s happened to Grindr is, unfairly, we’ve been singled out.’
Grindr first defended its right to share the data with Apptimize and Localytics.
‘The inclusion of HIV status information within our platform is always regarded carefully with our users’ privacy in mind, but like any other mobile app company, we too must operate with industry standard practices to help make sure Grindr continues to improve for our community,’ said Grindr’s chief technology officer Scott Chen in a statement on Monday (2 March).