Grindr has said HIV status will no longer be shared with other data as of the app’s next update – whenever that may be – and defended itself, calling the app a “public forum”.
Article by Laurence Barber, StarObserver.com.au
Gay dating and hookup app Grindr has been sharing sensitive data that includes users’ HIV status and location with third party services.
Two companies which optimise apps, Apptimize and Localytics, have been identified so far as recipients of the information, Buzzfeed reported.
HIV status information is sent along with GPS data, phone ID and email, meaning the data could have been used to specifically identify HIV-positive users.
Since news of the privacy breach broke, Grindr has said HIV status will no longer be shared with other data as of the app’s next update – whenever that may be – and defended itself, calling the app a “public forum”.
Grindr said that it did not sell users’ data, and only provided information to third-party vendors in order to improve the app.
“It’s important to remember that Grindr is a public forum. You should carefully consider what information to include in your profile,” said Scott Chen, Grindr’s Chief Technology Officer.
“There are data retention policies in place to further protect our users’ privacy from disclosure,” said Chen.
The recent Cambridge Analytica scandal involving Facebook has cast doubts on the ability of social networking sites and apps to protect users’ data.
Speaking to Buzzfeed, ACT UP New York member James Krellenstein said Grindr “is a relatively unique place for openness about HIV status.”
“To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety — that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community.”
Cybersecurity experts are SINTEF revealed that users’ exact GPS location, ethnicity, relationship status, sexuality and ‘tribe’ alongside their phone ID are being shared, and that this data was often shared in plain text, meaning it could be easily hacked.