Grindr has shared sensitive personal information, including the HIV status of its users and their last tested date, with at least two other companies.
BuzzFeed reports that the gay hookup app has given this data to Apptimize and Localytics — third-party companies that optimize apps — without notifying its users.
SINTEF, a Norwegian nonprofit research organization, discovered the sharing during a February experiment that analyzed the app's traffic for privacy leaks. It questioned the rationale for the sharing, which it found alarming.
"It is unnecessary for Grindr to track its users' HIV status using third-party services," SINTEF noted in its report. "Moreover, these third parties are not necessarily certified to host medical data, and Grindr's users may not be aware that they are sharing such data with them."
Additionally, the data on HIV status is bundled with other information that might jeopardize the privacy of a user, including phone ID, email, and GPS position. "I think this is the incompetence of some developers that just send everything, including HIV status," researcher Antoine Pultier concluded to BuzzFeed.
The report also found that Grindr has shared information like age, gender, relationship status, phone ID, language, and GPS location with third-party advertisers. Alarmingly, this data is "shared unencrypted, allowing people, companies, or governments to listen in on a network to discover who is using Grindr, where they are precisely located during a day, how they look, what they like, what they browse," the report noted. "By sharing such information in an unsafe way, Grindr is exposing its users."
SINTEF warned that, because the data travels unencrypted, anyone able to observe the network traffic could obtain it without breaking into Grindr or its vendors, which poses real safety risks to Grindr's 3.3 million daily active users. Many live in nations with anti-LGBT laws, or in other circumstances where being outed as queer could put their careers or lives in danger.
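The kind of check SINTEF's finding implies, as an added example rather than the report's own tooling or anything from Grindr: given HTTP requests reassembled from a device's traffic (the request tuples, hosts and field names below are constructed, and `api.app.example` stands in for a hypothetical first-party API), flag any request that carries sensitive profile fields either in plaintext or to a third-party host. The same fields sent over HTTPS to the first-party API are expected and are not reported, which is what separates "the app needs this data" from "the app is leaking this data."

```python
"""Triage reassembled HTTP requests for sensitive fields leaving an app.

Added example; not SINTEF's tooling and not code from the report or from Grindr.
Input is a list of (scheme, method, host, target, body) tuples such as a MITM
proxy or pcap reassembler would yield. All hosts and field names are constructed.
"""
from urllib.parse import parse_qsl, urlsplit

# Field names treated as sensitive in this example (assumption; tune per app).
SENSITIVE_KEYS = {"hiv_status", "last_tested", "lat", "lon", "email", "device_id"}

# Hypothetical first-party API host; every other host counts as a third party.
FIRST_PARTY_HOSTS = {"api.app.example"}

# Constructed sample traffic, not real Grindr endpoints or payloads.
SAMPLE_REQUESTS = [
    ("http", "POST", "analytics.example.net", "/track",
     "event=profile_view&hiv_status=negative&last_tested=2018-01&lat=59.91&lon=10.75"),
    ("https", "POST", "api.app.example", "/v1/profile", "hiv_status=negative"),
    ("http", "GET", "ads.example.org", "/imp?age=31&gender=m&lat=59.9&lon=10.7", ""),
    ("https", "POST", "abtest.example.com", "/events", "variant=B&email=user%40example.com"),
]


def parse_request(req):
    """Split one request into scheme, host, path and a dict of all submitted fields.

    Query-string parameters and a form-encoded body are merged, because either
    channel can carry profile data to an analytics or advertising SDK.
    """
    scheme, method, host, target, body = req
    parts = urlsplit(f"{scheme}://{host}{target}")
    fields = dict(parse_qsl(parts.query, keep_blank_values=True))
    fields.update(parse_qsl(body, keep_blank_values=True))
    return {"scheme": scheme, "method": method, "host": host,
            "path": parts.path, "fields": fields}


def triage(requests, first_party=FIRST_PARTY_HOSTS, sensitive=SENSITIVE_KEYS):
    """Return one finding per request that sends sensitive fields in plaintext
    or to a third-party host. First-party HTTPS traffic carrying the same
    fields is expected and is not reported.
    """
    findings = []
    for req in requests:
        parsed = parse_request(req)
        leaked = sorted(k for k in parsed["fields"] if k in sensitive)
        plaintext = parsed["scheme"] == "http"
        third_party = parsed["host"] not in first_party
        if leaked and (plaintext or third_party):
            findings.append({
                "host": parsed["host"],
                "path": parsed["path"],
                "fields": leaked,
                "plaintext": plaintext,
                "third_party": third_party,
                # Plaintext is the worse case: any on-path observer can read it.
                "severity": "high" if plaintext else "medium",
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REQUESTS):
        print(f"{f['severity']:6} {f['host']}{f['path']} "
              f"plaintext={f['plaintext']} third_party={f['third_party']} "
              f"fields={','.join(f['fields'])}")
```

In practice the request tuples come from an intercepting proxy or a pcap reassembler run against a test device; the two things worth tuning per app are the sensitive-key list (JSON bodies and custom headers need their own parsing) and the first-party host set, since a vendor host reached over HTTPS is still a disclosure even though it is not observable on the wire.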
In a statement to BuzzFeed, Grindr chief technology officer Scott Chen called Apptimize and Localytics "highly-regarded platforms," and defended the data share as "standard practices in the mobile app ecosystem."
"No Grindr user information is sold to third parties. We pay these software vendors to utilize their services," Chen said.
Grindr also released a statement to The Advocate in defense of the data sharing. "When working with these platforms, we restrict information shared except as necessary or appropriate," Chen said. "Sometimes this data may include location data or data from HIV status fields as these are features within Grindr, however, this information is always transmitted securely with encryption, and there are data retention policies in place to further protect our users' privacy from disclosure."
However, it is unclear why Grindr would share information like a user's HIV status with Apptimize, which offers A/B testing for mobile apps (for example, whether users respond better to design A or design B, or to message A or message B). HIV status would hardly be relevant to such a service.
Localytics' main service is push notifications. Here, the data might be relevant if Grindr wanted to send users messages related to their status. In a statement, Bryan Dunn, vice president of product at Localytics, said the company "leverages appropriate security controls to protect all customer data."
"Under no circumstances does Localytics automatically collect a user's personal information, nor do we require personal information in order for our customers to get the benefits from using our platform," Dunn added. "It is up to each customer to determine what information they send to Localytics, and Localytics processes that data solely for the customer’s use. We do not share, or disclose, our customer’s data."
Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, cautioned to BuzzFeed that even if third parties are trustworthy, each copy of the data presents new security risks.
"Even if Grindr has a good contract with the third parties saying they can’t do anything with that info, that’s still another place that that highly sensitive health information is located,” Quintin said. “If somebody with malicious intent wanted to get that information, now instead of there being one place for that — which is Grindr — there are three places for that information to potentially become public."
"The inclusion of HIV status information within our platform is always regarded carefully with our users’ privacy in mind, but like any other mobile app company, we too must operate with industry standard practices to help make sure Grindr continues to improve for our community," Chen said. "We assure everyone that we are always examining our processes around privacy, security and data sharing with third parties, and always looking for additional measures that go above and beyond industry best practices to help maintain our users' right to privacy."
Last week, Grindr announced a new service for users: a reminder every three to six months to get tested for HIV, along with directions to a testing site. The move was lauded by AIDS activists, who hoped the service would tackle stigma against the virus, in addition to providing education regarding health services.
Activists were the opposite of thrilled with the SINTEF report. In a statement to BuzzFeed, James Krellenstein, a member of ACT UP New York, condemned Grindr's sharing of HIV statuses as "an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community."
Read Chen's full statement on Grindr's Tumblr page.