Dating app Grindr will stop sharing the HIV status of its users, but only after the data-sharing practice was exposed by data analysis carried out by a research firm.
Grindr To Stop Sharing HIV Status Of Users
Norwegian nonprofit SINTEF discovered that dating app Grindr, which has over 3.6 million daily active users worldwide, has been sharing the HIV status of its users to two other companies, namely Apptimize and Localytics.
In addition to the HIV status, Apptimize and Localytics also receive the "last tested date" of Grindr users, along with their GPS data, phone ID, and email.
"The HIV status is linked to all the other information. That's the main issue," said SINTEF researcher Antoine Pultier to BuzzFeed News.
With all the information together, it was possible to identify the HIV status of specific users.
Grindr, after receiving backlash from the reports that exposed the data-sharing practice, announced that it will no longer share user information with Apptimize and Localytics. The change will happen alongside the next update for the app, according to Bryce Case, Grindr chief security officer.
Grindr Defends Data Sharing Practice
According to Scott Chen, Grindr chief technology officer, the company hired Apptimize and Localytics to optimize its app. However, it remains unclear why analytics firms will need information regarding the HIV status of users, and Grindr has not yet provided an answer to that query.
Cooper Quintin, Electronic Frontier Foundation security researcher and senior staff technologist, said that there was no reason for Grindr to store such sensitive data with analytics companies.
"Grindr should be taking extra steps to secure this sort of very personal data," he added.
Meanwhile, Case defended the decision of Grindr to share the data to Apptimize and Localytics. He claimed that the third-party companies were only hired to make the app work better and that there was no shady intention in sharing the user data such as to sell them for profit.
Security experts, however, claim that Case's argument of there being no sinister purpose in sharing user data completely misses the point. A person's HIV status is a very sensitive piece of information. Sharing that data with other companies may already be considered as a security malpractice on the end of Grindr, especially because users did not agree to share their HIV status outside of the app.