5.3m users of Chinese lesbian dating app exposed on unsecured server

28 Mar 2019

Image: © garry_images/Stock.adobe.com

The private data of millions of users of the popular Rela app in China have been exposed in a country where LGBTQ rights are limited.

Despite China decriminalising homosexuality more than 20 years ago, the rights of LGBTQ people in the country remain very limited compared with some other nations in the world. Now, as many as 5.3m gay and queer women in China are facing the reality that their private data has been exposed for all to see after app developers stored it in a totally unsecured server with no password protection.

According to TechCrunch, the app Rela has been troubled in the past by a 2017 shutdown, allegedly instigated by Chinese regulators. However, the following year it returned with a server hosted by a different cloud provider.

The discovery was made by security researcher Victor Gevers of the GDI Foundation who believes the exposed server had been live since June 2018, a month after its unexpected return. The data included in the breach held personal details about the user – such as their height, weight and date of birth – as well as their sexual preferences and interests.

Similar to another story about Family Locator earlier this week, the Rela app also included records of users’ precise geolocation, as well as more than 20m status updates.

“Five-plus million LGBTQ+ people face a lot of social challenges in China because there are no laws protecting them from discrimination,” said Gevers. “This data leak that has been open for years makes it even more damaging for the people involved who were exposed.”

The company behind Rela did respond to the discovery saying that it has since secured the database, however, it comes at a time of much uncertainty over the future of China’s LGBTQ dating apps.

For example, Zank – an app mostly used by gay and bisexual men – was also shut down in 2017 after the government said it had broken laws regarding the broadcasting of pornographic material.

More recently, the hugely popular US-based Grindr app was acquired by the Chinese gaming company Beijing Kunlun Tech for almost $100m. However, its owners are now reportedly looking to sell after the Committee on Foreign Investment in the US declared that having the app’s owners based in China posed a major national security risk.

Colm Gorey was a senior journalist with Silicon Republic