Gay male dating app "Grindr" was sending HIV status and location information to third parties



A dating application for gay and bisexual men with over 3.6 million active users worldwideGrindr"Provides personal information such as HIV status and location information to two third party partiesBuzzFeed NewsReported.

Grindr Is Letting Other Companies See User HIV Status And Location Data
https://www.buzzfeed.com/azeenghorayshi/grindr-hiv-status-privacy


Grindr is sending all kinds of user data to third-party companies
https://mashable.com/2018/04/02/grindr-user-privacy-hiv-status/

Grindr was sending user's personal informationApptimizeWhenLocalyticsTwo companies. Apptimize is a company that supports improving the performance of applications, and Localytics is a company that aims to strengthen the connection between applications and users by analyzing data.

He is a researcher of Norwegian Institute of Industrial Science and Technology "SINTEF"According to Antoine Pultier, The information that Grindr shares with third-party companies included HIV status, accurate location information, sexuality, relationship status, race, and smartphone ID. Pultier says that information on HIV is tied to all other information, which is a very big problem. "I am thinking that it is because developers are incompetent to transmit all information including HIV status," Pultier told BuzzFeed News.

In Grindr's HIV status, you can choose detailed status such as "positive" "positive, under HIV treatment" "negative" "take negative anti-HIV drugs", and when the date of the last test was written It is said that. Grindr says that users are relatively unique applications that make such information open.

In addition, it is said that information other than HIV data was being sent with easy hacking "plain text". This means that hackers, criminals, ISPs, governments, etc. can obtain location information of users if they monitor the network. In situations where homosexual discrimination is still taking place globally, being able to easily obtain location information by an application like Grindr could endanger the user, security researcher Cooper Quintin said I will talk.

Scott Chen, Grindr CTO, told BuzzFeed News, "Thousands of companies use these highly respected platforms, which are standard specifications for mobile applications and ecosystems" "No user information from Grindr is sold to third parties, we are paying these software vendors to use the service." In addition, in response to Mashable's interview, he said that "the information is being transmitted in encrypted form and there is a confidentiality policy so that the user's privacy will not be disclosed."


On the other hand, some experts say "even if Grindr has signed a contract with a third-party company" I will not use information for any purpose ", there will be no difference in the user's delicate health information When a malicious intent is trying to obtain this information, the information is in Grindr as well as three other companies, and it has the potential danger of being exposed to the public. " There are people.

Bryan Dunn, Vice President of Localytics, has announced the statement that "We will not disclose or share customer information", but after the report of BuzzFeed News Grindr said " We are announcing that we will "stop sharing HIV status with third parties" while emphasizing that they were not shared and encrypted. "

Exclusive: Grindr to stop sharing HIV status with third parties - Axios
https://www.axios.com/exclusive-grindr-security-chief-on-hiv-disclosure-b5a64fdb-8c1d-4a08-a94e-67506d4a0d0b.html

in Web Application,   Security, Posted by logq_fa