Grindr is sharing users’ HIV status with at least two other companies according to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF.
The two companies — Apptimize and Localytics, which help optimize apps — receive some of the information that Grindr users choose to include in their profiles, including their HIV status and “last tested date.”
Because the HIV information is sent together with users’ GPS data, phone ID, and email, it could identify specific users and their HIV status, according to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, which first identified the issue.
“The HIV status is linked to all the other information. That’s the main issue,” Pultier told BuzzFeed News. “I think this is the incompetence of some developers that just send everything, including HIV status.”
Grindr recently patched a security flaw that allowed users to see who blocked them, and then opened a window to their private data.
“The security flaws were identified by Trever Faden, CEO of the property management startup Atlas Lane, after he created a website called C*ckblocked (the asterisk is part of the name of the service). His website allowed users to see who blocked them on Grindr after they entered their Grindr username and password. Once they did so, Faden was able to gain access to a trove of user data that is not publicly available on user profiles, including unread messages, email addresses, deleted photos, and the location data of users, some of whom have opted to not share their locations publicly.”
Faden’s website has since been shut down.
In January, former intelligence officials and China experts raised warnings following the full acquisition of Grindr by the Kunlun Group, a Chinese firm which took over leadership of the company.
The Washington Post reported at the time:
“What you can see from Chinese intelligence practices is a clear effort to collect a lot of personal information on a lot of different people, and to build a database of names that’s potentially useful either for influence or for intelligence,” said Peter Mattis, a former U.S. government intelligence analyst and China fellow at the Jamestown Foundation. “Then later, when the party-state comes into contact with someone in the database, there’s now information to be pulled,” he said.
Do you feel your personal information is safe with Grindr?