Grindr, as in “meat grinder,” is the largest gay sex hook up phone app. Just a few weeks after the Facebook data scandal, now Grindr has been caught selling the private HIV statuses of all its members to private companies:
Grindr’s privacy issues may extend beyond access to data with a login. BuzzFeed News and Norwegian non-profit SINTEF report that Grindr has been sharing its users’ HIV statuses (including their last test date) with two app optimization companies, Apptimize and Localytics. As that data is attached to info like email addresses, GPS info and phone IDs, it’s possible for an intruder to link specific people (beyond just their public profiles) to their health info.
SINTEF also found that Grindr was giving ad companies an extensive range of data that users might not want to share outside of the app, including their gay subculture, relationship status and precise GPS locations. Some of this info was shared in plain text, too, making it relatively easy to swipe.
We’ve asked Grindr for comment. In a statement to BuzzFeed, CTO Scott Chen said the company was following “standard practices” for sharing app data and that the company doesn’t sell info to third parties. Apptimize and Localytics are under “strict contractual terms” that won’t let them share data, Chen added.
The problem, however, isn’t the trustworthiness of the companies — it’s that Grindr is putting sensitive information on servers it doesn’t control. Users may be willing to make their HIV statuses public, but that doesn’t mean they want to share those statuses with corporate partners, no matter how above-board those partners may be. Also, spreading that information to other companies increases the number of attack points for hackers. People are already anxious about data sharing in light of the Cambridge Analytica scandal, where the company collected Facebook friends’ info without consent; they might not be pleased at sharing medical info with a wider circle than their would-be partners. (source)