Grindr is Sharing the HIV Status of Users with Outside Companies
Gay dating app Grindr is sharing the HIV status of its users with outside firms, it has been revealed.
A Norwegian nonprofit has discovered that the information is being shared with two private companies that help “optimise” apps, Localytics and Apptimize.
“Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem,” Grindr Chief Technology Officer Scott Chen told BuzzFeed, who verified the claims.
“No Grindr user information is sold to third parties. We pay these software vendors to utilise their services.”
“The limited information shared with these platforms is done under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy.”
A recent push to encourage people to share their HIV status and when they were last tested made no clear mention that the data will be shared with outside companies.
Grindr’s privacy policy warns users that information shared on the platform can be disclosed.
James Krellenstein, a member of ACT UP New York, told BuzzFeed: “To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety — that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community.”
The company also shares users’ sexual orientation, relationship status, “tribe,” and ethnicity with the companies if the information is listed in their profile.
It is the latest Grindr security flaw to be exposed in the past month after it was revealed location data is being shared, even when users opt out.
The security flaws were discovered by Trevor Faden after he created C*ckblocked, a website that enabled Grindr users to find out who had blocked them.
In order to take advantage of the feature, users were made to enter their username and password.
Once they had, Mr Faden was able access a large amount of private data, including unread messages, deleted photos and user location data.