Gay hookup app Grindr has announced it will stop sharing sensitive user data, including location data and users’ HIV statuses, with two external analytics companies after concerns raised in a media report.
Grindr allows users the option of listing their HIV status on their profiles, and recently urged users to share their HIV status and their last HIV test date so the app can provide periodic HIV testing reminders.
But Buzzfeed reported that Grindr had shared sensitive data from its more than 3.6 million daily users with Apptimize and Localytics, two companies that contracted by Grindr to “optimise” the app.
According to analysis by Norwegian nonprofit research organization SINTEF, the data shared included profile information as well as GPS data, phone ID information, and emails. It could be used to link user identities and HIV statuses, and the data was made more vulnerable to hackers when shared with third parties, the researchers said.
“The HIV status is linked to all the other information. That’s the main issue,” SINTEF researcher Antoine Pultier told BuzzFeed.
“I think this is the incompetence of some developers that just send everything, including HIV status.”
The company also shares users’ sexual orientation, relationship status, their “tribe,” and ethnicity with the companies if the information is listed in their profile. The app boasts users in more than 230 countries around the world, including countries in which homosexuality is illegal.
James Krellenstein from the New York branch of AIDS advocacy group ACT UP, earlier told BuzzFeed that Grindr was a “relatively unique place” with regards to HIV status disclosure.
“To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety — that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community,” Krellenstein said.
Grindr told Axios the company would stop sharing the HIV status data with the two companies.
Grindr security chief Bryce Case told the website much of the concern with Grindr’s data-sharing practices misunderstood what was being shared and with whom, and the most sensitive user information was encrypted and was never shared with advertisers.
Case said the company would change its policies around particularly sensitive information, including HIV status, amid the outrage.
“We’ve been very careful to balance the needs of our customers with the needs of our advertisers. User trust is paramount,” Case told Axios.
The company’s Chief Technology Officer Scott Chen earlier defended the sharing of the data in a statement to BuzzFeed, saying the two analytics companies will not share users’ data.
“Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem,” Chen said.
“No Grindr user information is sold to third parties. We pay these software vendors to utilize their services.
“The limited information shared with these platforms is done under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy.”
In a lengthier statement, Chen elaborated, “When working with these platforms we restrict information shared except as necessary or appropriate.
“Sometimes this data may include location data or data from HIV status fields as these are features within Grindr, however, this information is always transmitted securely with encryption, and there are data retention policies in place to further protect our users’ privacy from disclosure.
“We understand the sensitivities around HIV status disclosure. Our goal is and always has been to support the health and safety of our users worldwide.
“Grindr has never, nor will we ever sell personally identifiable user information — especially information regarding HIV status or last test date — to third parties or advertisers.”