Grindr users — which include gay, bi, trans, and queer people — can indicate on their profile whether they are HIV positive or negative, when is the last time they got tested, and whether they’re taking HIV treatment or the HIV-preventing pill PrEP. But the app has not been keeping this info private: Grindr has been sharing people’s HIV statuses and test dates with two companies that help optimize the app, called Apptimize and Localytics, BuzzFeed reports. Because the HIV info is shared along with GPS data, phone IDs, and email addresses, it makes it possible to link specific Grindr users with their health condition.
What’s more, the app has been sharing users’ info — like GPS location, sexuality, relationship status, and phone ID — with advertising companies, according to SINTEF. In some cases, this data was not protected by encryption.
Hours after BuzzFeed’s report, Grindr told Axios that it had made a change to stop sharing users’ HIV status. The company’s security chief, Bryce Case, told Axios that he felt Grindr was being “unfairly ... singled out” in light of Facebook’s Cambridge Analytica scandal and said that the company’s practices didn’t deviate from the industry norm.
Grindr’s chief technology officer, Scott Chen, also told BuzzFeed that it’s “standard practices” for mobile apps to work with companies like Apptimize and Localytics, and that the data was shared “under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy.” He added that Grindr doesn’t sell its user info to third parties. Still, security experts and LGBT advocates told BuzzFeed the app should have been more clear on how it handles the data, especially since it affects an already-vulnerable community that’s often victim of harassment.
“Grindr is a relatively unique place for openness about HIV status,” James Krellenstein, a member of AIDS advocacy group ACT UP New York, told BuzzFeed. “To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety — that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community.”
Update April 2nd, 7:10PM ET: This story has been updated to include that Grindr has stopped sharing HIV data.