Hot on the heels of last week’s security issues, dating app Grindr is under fire again for inappropriate sharing of HIV status with third parties (not advertisers, as I had written here before) and inadequate security on other personal data transmission. It’s not a good look for a company that says privacy is paramount.
Norwegian research outfit SINTEF analyzed the app’s traffic and found that HIV status, which users can choose to include in their profile, is included in packets sent to Apptimize and Localytics. Users are not informed that this data is being sent.
That said, it’s a rather serious breach of trust that something as private as HIV status is being shared in this way, even if it isn’t being done with any kind of ill intention. The laxity with which this extremely important and private information is handled undermines the message of care and consent that Grindr is careful to cultivate.
Update: Grindr’s head of security told Axios that the company will stop sending HIV status data to third parties.
Perhaps more serious from a systematic standpoint, however, is the unencrypted transmission of a great deal of sensitive data.
The SINTEF researchers found that precise GPS position, gender, age, “tribe” (e.g. bear, daddy), intention (e.g. friends, relationship), ethnicity, relationship status, language and device characteristics are sent over HTTP to a variety of advertising companies. A Grindr representative confirmed that location, age, and tribe are “sometimes” sent unencrypted. I’ve asked for clarification on this.
Not only is this extremely poor security practice, but Grindr appears to have been caught in a lie. The company told me last week when news of another security issue arose that “all information transmitted between a user’s device and our servers is encrypted and communicated in a way that does not reveal your specific location to unknown third parties.”
At the time I asked them about accusations that the app sent some data unencrypted; I never heard back. Fortunately for users, though unfortunately for Grindr, my question was answered by an independent body, and the above statement is evidently false.
It would be one thing to merely share this data with advertisers and other third parties — although it isn’t something many users would choose, presumably they at least consent to it as part of signing up.
But to send this information in the clear presents a material danger to the many gay people around the world who cannot openly identify as such. The details sent unencrypted are potentially enough to identify someone in, say, a coffee shop — and anyone in that coffee shop with a bit of technical knowledge could be monitoring for exactly those details. Identifying incriminating traffic in logs also could be done at the behest of one of the many governments that have outlawed homosexuality.
I’ve reached out to Grindr for comment and expect a statement soon; I’ll update this post as soon as I receive it.
Update: Here is Grindr’s full statement on the sharing of HIV data; notably it does not address the unencrypted transmission of other data.
As a company that serves the LGBTQ community, we understand the sensitivities around HIV status disclosure. Our goal is and always has been to support the health and safety of our users worldwide.
Recently, Grindr’s industry standard use of third party partners including Apptimize and Localytics, two highly-regarded software vendors, to test and validate the way we roll out our platform has drawn concern over the way we share user data.
In an effort to clear any misinformation we feel it necessary to state:
Grindr has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers.
As an industry standard practice, Grindr does work with highly-regarded vendors to test and optimize how we roll out our platform. These vendors are under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy.
When working with these platforms, we restrict information shared except as necessary or appropriate. Sometimes this data may include location data or data from HIV status fields as these are features within Grindr, however, this information is always transmitted securely with encryption, and there are data retention policies in place to further protect our users’ privacy from disclosure.
As an industry leader and champion for the LGBTQ community, Grindr, recognizes that a person’s HIV status can be highly stigmatized but after consulting several international health organizations and our Grindr For Equality team, Grindr determined with community feedback it would be beneficial for the health and well-being of our community to give users the option to publish, at their discretion, the user’s HIV Status and their Last Tested Date. It is up to each user to determine what, if anything, to share about themselves in their profile.
The inclusion of HIV status information within our platform is always regarded carefully with our users’ privacy in mind, but like any other mobile app company, we too must operate with industry standard practices to help make sure Grindr continues to improve for our community. We assure everyone that we are always examining our processes around privacy, security and data sharing with third parties, and always looking for additional measures that go above and beyond industry best practices to help maintain our users’ right to privacy.