The popular gay hook-up apps Grindr, Romeo, and Recon are putting people at risk by allowing a user’s precise location to be deciphered via trilateration, according to cyber-security researchers who showed their findings to BBC News.
In September 2018, BuzzFeed News pointed out the same issue with Grindr and reported the company’s response at the time: ‘In a statement to BuzzFeed News, Grindr president Scott Chen argued that the app’s geolocation feature is “core to our platform and user experience,” but also acknowledged that “there are inherent challenges in the use of any app that utilizes or relies upon location information.” Chen added, “Additionally, we currently utilize a geohash system, which approximates, rather than ‘pinpoints,’ all location information.” He also said that Grindr “will continue trying to evolve and improve our platform,” but did not specify how.’
The BBC explains how it works: “Imagine a man shows up on a dating app as ‘200m away’. You can draw a 200m (650ft) radius around your own location on a map and know he is somewhere on the edge of that circle. If you then move down the road and the same man shows up as 350m away, and you move again and he is 100m away, you can then draw all of these circles on the map at the same time and where they intersect will reveal exactly where the man is.”
The researchers were also able to determine other users’ locations with technology that allowed them to fake their locations: “They also found that Grindr, Recon and Romeo had not fully secured the application programming interface (API) powering their apps. The researchers were able to generate maps of thousands of users at a time.”
After this information was relayed to Grindr, Recon, and Romeo, Recon took action and said it had made changes to “obscure the precise location of its users.”
Grindr said that it gives users the option to hide their distance information and said it clouded users’ locations in countries where LGBTQ people are at risk. Romeo did not respond.
Scruff and Hornet, two gay hook-up apps which were not included in the researchers’ study, responded to BBC News’ request for comment: “Scruff told BBC News it used a location-scrambling algorithm. It is enabled by default in ‘80 regions around the world where same-sex acts are criminalised’ and all other members can switch it on in the settings menu. Hornet told BBC News it snapped its users to a grid rather than presenting their exact location. It also lets members hide their distance in the settings menu.”
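A sketch of the grid-snapping mitigation mentioned above, added here as an illustration and not taken from any of the apps named in this article. The cell size, the distance bucket, the choice to snap both the viewer and the target, the function names, and the coordinates are all assumptions. It shows that the distance the server discloses no longer depends on where inside a cell a user actually is.

```python
import math

CELL_DEG = 0.01   # assumed grid cell size in degrees (about 1.1 km of latitude)
BUCKET_M = 500    # assumed granularity of the disclosed distance, in metres

def snap(lat, lon, cell=CELL_DEG):
    """Return the centre of the grid cell that contains (lat, lon)."""
    return ((math.floor(lat / cell) + 0.5) * cell,
            (math.floor(lon / cell) + 0.5) * cell)

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def exact_distance(viewer, target):
    """What a server leaks when it computes distance on raw coordinates."""
    return round(haversine_m(viewer, target))

def reported_distance(viewer, target):
    """Hardened form: snap both ends server-side, then round up to a bucket."""
    d = haversine_m(snap(*viewer), snap(*target))
    return math.ceil(d / BUCKET_M) * BUCKET_M

# Constructed sample data: two users in the same grid cell, three viewpoints.
USER_A = (51.5074, -0.1278)
USER_B = (51.5031, -0.1215)
VIEWERS = [(51.5012, -0.1391), (51.5048, -0.1325), (51.5091, -0.1302)]

def compare(viewers=VIEWERS, a=USER_A, b=USER_B):
    """Per viewer: (exact to A, exact to B, reported to A, reported to B)."""
    return [(exact_distance(v, a), exact_distance(v, b),
             reported_distance(v, a), reported_distance(v, b))
            for v in viewers]

if __name__ == "__main__":
    for row in compare():
        print("exact A=%dm B=%dm | reported A=%dm B=%dm" % row)
```

The snapping and bucketing have to happen on the server before any value reaches the API response; precision is then bounded by the cell size, so the cell must be large enough to cover many users.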
Earlier this year we reported that Grindr, the leading gay social app, was up for sale by Kunlun, the Chinese firm which acquired it in 2016, after a U.S. Government panel said it is a “national security risk.” The company’s plans for an IPO, which had been put on hold, are now reportedly back on.
CNBC reports: ‘Kunlun said in May it had agreed to a request by the Committee on Foreign Investment in the United States (CFIUS) to sell Grindr, setting a June 2020 deadline to do so and putting preparations for an IPO of Grindr on hold. A source familiar with the matter said on Monday that Kunlun’s efforts to sell Grindr outright were continuing even as the IPO preparations were relaunched.’