Grindr’s administrators temporarily disabled the popular hookup app’s location-awareness features yesterday afternoon following widespread concerns about a security exploit that exposed 600,000 users’ exact locations worldwide regardless of their privacy settings. The flaw in Grindr’s infrastructure allowed anyone, including people not using the service on a phone or tablet, to triangulate a specific users precise location by pinging Grindr’s servers. Though popularly thought to be a predominantly western app, Grindr boasts a global userbase of over 6 million people, many of whom are logging on from within countries with explicitly homophobic laws.
After discovering the potential security breach, an anonymous European Grindr user took to demonstrating just how easy it was to parse out other users’ personal information. Despite being alerted to the problem, Grindr’s developers initially responded to the backlash by asserting that the application was merely functioning the way it was meant to.
The sudden shutdown of the app’s location functionality was seemingly meant to address the bug. However, hours after users were able to seek one another out from their phones, America Blog’s John Aravosis easily found other users in Brunei, Russia, and Iran. This raises particular concerns in light of a slew of Grindr-assisted arrests in Egypt. Rather than fully patching the problem, Grindr’s development team has implemented a series of roadblocks:
"It appears, according to the anonymous Grindr user who uncovered the security breach, that Grindr is blocking the IP address of anyone attempting to find the exact location of its users. (Grindr is also requiring you to register a new account before massively [violating] the privacy of their users.) But if Grindr thinks this is a sufficient fix, they might want to have a chat with the following gay men I just found in Tehran and Brunei. All you have to do, apparently, is create a new IP address and a new account, and voila, you’re in."
It is important to note that Grindr users who disable their location sharing from within the app should be protected from the break.
Watch a video demonstrating the Grindr security breach AFTER THE JUMP…
UPDATE: Grindr has issued a statement on the security concerns:
"In light of recent security allegations surrounding a user’s specific location, Grindr has made modifications to no longer show distance information for users. Grindr will continue to make ongoing changes to keep all users secure, as necessary."