Grindr shared its users’ HIV status with two separate companies

3 Apr 2018

Grindr app on mobile. Image: Vdovichenko Denis/Shutterstock

Dating app Grindr comes under fire for sharing sensitive user details with third parties.

Grindr is a popular dating app within the LGBTQ community and has more than 3.6m daily active users across the globe.

Many of these users are now concerned as BuzzFeed News revealed that Grindr shared sensitive data with two companies, Apptimize and Localytics, which help to optimise apps.

Both firms receive some of the data that Grindr users elect to include in their profiles, including their HIV status, the last date they were tested for HIV and whether or not they are taking the medication known as PrEP, a drug that lowers your risk of contracting HIV.

Norwegian researchers flag the issue

Researchers at SINTEF, a Norwegian non-profit, were the first to spot the issue. Antoine Pultier of SINTEF said the main point is the fact that the HIV status information is linked to other user information, such as GPS data and email.

The researchers also found that the app had been sharing other user information such as GPS location, sexuality, relationship status and phone ID with advertising firms, in some cases not protected by encryption.

Grindr CTO Scott Chen addressed the issue in a Tumblr post: “Grindr has never [sold] nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers.”

He said that Grindr understands how sensitive an issue HIV status disclosure is, but noted that the app is a public forum and, if you choose to include your HIV status in your profile, “this information will also become public”.

Chen added that while Grindr works with third parties, it ensures the data shared is “always transmitted securely with encryption, and there are data retention policies in place” to further protect users’ privacy.

He concluded: “The inclusion of HIV status information within our platform is always regarded carefully with our users’ privacy in mind but, like any other mobile app company, we too must operate with industry-standard practices to help make sure Grindr continues to improve for our community.

“We assure everyone that we are always examining our processes around privacy, security and data-sharing with third parties, and always looking for additional measures that go above and beyond industry best practices to help maintain our users’ right to privacy.”

Grindr ceases sharing HIV data

Since the news broke, Grindr told Axios that it has made the change to cease the sharing of users’ HIV status. Bryce Case, CSO at Grindr, said he felt the app was being “singled out” in light of the recent Cambridge Analytica furore.

James Krellenstein of AIDS activism group Act Up told BuzzFeed News that Grindr’s sharing practice around this data was “an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community”.

While Grindr insists it has strong security and encryption safeguards in place, the growing consumer awareness around how data is being used in the wake of the Cambridge Analytica revelations means the dating app will be far from the last company facing this problem. Indeed, an increase in public literacy around data privacy will see the very foundations of many apps come under scrutiny.

Grindr app on mobile. Image: Vdovichenko Denis/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects