The dating/hook-up app Grindr is sharing the HIV status of its roughly 3.6 million daily users with two other companies.
On the platform that caters largely to queer men, Grindr users can share what their status is using an âHIV statusâ category where they can put if theyâre positive, negative, being treated, etc. Grindr has also long promoted sexual health, even recently implementing a feature that will regularly remind users to get tested for HIV.
But now Buzzfeed News reports that the Norwegian nonprofit SINTEF discovered that companies Apptimize and Localystics, which reportedly help optimize apps, were receiving usersâ HIV status, along with other highly specific information like usersâ GPS data, phone ID, sexuality, relationship status, and email address. And all of that information together, if leaked beyond these companies, could potentially endanger users if theyâre not fully out with their status.
âWhen you combine this with an app like Grindr that is primarily aimed at people who may be at risk â especially depending on the country they live in or depending on how homophobic the local populace is â this is an especially bad practice that can put their user safety at risk,â Cooper Quintin, a senior staff technologist and security researcher at the Electronic Frontier Foundation, tells Buzzfeed.
While Grindrâs chief technology officer defended the choice to use what he referred to as âhighly-regarded platforms,â the data sharing still makes Grindr users vulnerable, especially data as sensitive as someoneâs HIV status. And while users might feel comfortable sharing that specific information with Grindr, itâs not clear enough in the appâs privacy policy that their personal information could potentially be shared elsewhere.
Just a few days ago, NBC News reported that a security flaw in Grindr was revealed after a man named Trever Faden created a site in which users could see who blocked them on Grindr. After users entered their username and password, Faden gained a bunch of usersâ data like unread messages, photos, and email addresses. Shortly after Faden exposed the security loophole, Grindr told NBC News it had changed its system to prevent that kind of access.
