Grindr users were in for a nasty surprise when BuzzFeed News and SINTEF revealed that the dating app was sharing highly sensitive information about them with third-party apps, without the users’ explicit consent. The information that was shared included HIV status, last date of testing, along with identifying information about the phone, email, and GPS data.
The companies that used the sensitive information from Grindr are Apptimize and Localytics. These companies optimize apps and have impressive reviews or well-known clients. Peter Gray from the Wall Street Journal even said that Apptimize helps them “collect actionable data.” Meanwhile, Localytics offers “Advanced Targeting” services, which gives companies access to “all the data in [their] platform.” It’s unknown what data these companies actually have access to, but if Grindr’s data sharing is any indication, they may have huge amounts of sensitive information, not just from Grindr but other companies too.
Users had the option starting in 2017 to list their HIV status and last test date, according to Global Dating Insights. Upon rolling out the new feature, the company’s Equality Director, Jack Harrison-Quintana said that “Honesty, compassion, and education lay the foundation to make Grindr an even safer space for guys to connect, and we can all contribute to getting there.”
According to the Center For HIV Law & Policy, HIV status can jeopardize people’s employment, safety, and is “widely perceived as socially dangerous.” Because of the sensitive nature of this information, there are HIV status confidentiality laws to protect people.
For example, in Illinois, your HIV status is confidential, and no one can disclose your HIV status without your permission. In New York, on the other hand, confidentiality laws only permit disclosure of HIV statuses with an HIV release form. Also, any individual who receives HIV-related information is required to keep it confidential. The New York Department of Health does not outline specific laws that apply to companies that store people’s HIV statuses.
Also, Aidsmap noted that “if someone tells, or attempts to tell, anyone about an individual’s HIV status without his or her consent after this had been confided in trust, then this is likely to be a ‘breach of confidence.'” In the past, this has applied to individuals telling other people about someone’s HIV status.
The gray line in this issue is that Grindr users were self-disclosing their HIV status and last test dates. However, at no point did the users give explicit permission for Grindr to share this information with other companies.
Even so, Grindr’s Chief Technology Officer Scott Chen is unfazed.
“Thousands of companies use these highly-regarded platforms. These are standard practices in the mobile app ecosystem…No Grindr user information is sold to third parties. We pay these software vendors to utilize their services.”
Grindr was previously under scrutiny when it was bought by Kunlun Group, a Chinese-based company. The Inquisitr reported that Josh Rogin from the Washington Post raised questions, and suggested ulterior motives.
“The Chinese government is sweeping up massive amounts of data on not only its own citizens, but also Americans and others, as part of a unique and well-planned effort to build files on foreigners for intelligence purposes.”
App users expressed their discontent with the company’s official response on Twitter.
Grindr is leaking users' GPS locations over plaintext and sharing users' HIV status with companies. Their disappointing response?
"These are standard practices in the mobile app ecosystem." https://t.co/xlVfvrvQp9
— EFF (@EFF) April 2, 2018
as several privacy advocates pointed out, this is all troubling for an app that is used by 3.6 million active daily users who, in many places, could be in physical danger for using the app in the first place/ being gay/ being HIV positive https://t.co/0DvdwLc7At
— Azeen Ghorayshi (@azeen) April 2, 2018
Senator Markey from Massachusetts also weighed in.
Privacy isn’t just about credit card numbers and passwords. Sharing sensitive information like this can put LGBT Americans at risk.https://t.co/Guay2RBuk8
— Ed Markey (@SenMarkey) April 2, 2018