Grindr will stop sharing the HIV data of its users following a BuzzFeed report that the same-sex hookup app was sending personal information to third-party services.
BuzzFeed first reported that researchers at Norwegian nonprofit group SINTEF discovered that Apptimize and Localytics, two companies that help Grindr manage its marketing practices, were receiving users’ HIV status, including last date tested, GPA data, phone ID and email.
SINTEF researcher Antoine Pultier told BuzzFeed that its concerning that users’ identities could be discovered.
“The HIV status is linked to all the other information. That’s the main issue,” Pultier says. “I think this is the incompetence of some developers that just send everything, including HIV status.”
Scott Chen, Grindr’s chief technology officer, told BuzzFeed in a statement that use of third-party companies to analyze user data for marketing purposes is common.
“Thousands of companies use these highly regarded platforms. These are standard practices in the mobile app ecosystem,” Chen says.“No Grindr user information is sold to third parties. We pay these software vendors to utilize their services.”
Grindr responded to the report by noting that users run the risk of exposing private information because they are using a public app. It also notes that users can opt out of sharing certain information.
Bryce Case, Grindr’s head of security, announced to Axios that it will no longer share users’ HIV status with third-party companies.
“I understand the news cycle right now is very focused on these issues,” Case told Axios refering to the recent data breach scandal of Facebook and Cambridge Analytica. “I think what’s happened to Grindr is, unfairly, we’ve been singled out.”
This isn’t the only security risk Grindr users have faced in the last week. C*ckblocked, another third-party site, uncovered a major security flaw in Grindr’s application programming interface (API) which allowed anyone to access users’ email addresses, deleted photos, personal messages and location.
Grindr has since patched the flaw and reminded users not to use their Grindr username and password for other sites.