Hookup App Grindr has found itself in a sticky situation by sharing its users HIV status and location data to other companies, The Inquirer writes.
That's according to BuzzFeed News which reported that Antoine Pultier, a researcher from Norwegian non-profit organisation SINTEF, found that users' HIV status was sent to two other companies, along with their email addresses, phone ID, and GPS data. With all this information, it would be possible for companies that received the data, Apptimize and Localytics, to identify specific users and work out if they were HIV positive or not.
SINTEF also noted that Grindr was passing on user data to advertising companies, with it being the type of information that the app's users may not want shared beyond Grindr. Furthermore, the data was shared in plain text form which would have made it easy for hackers to read if they got their hands on it.
Grindr's chief technology officer Scott Chen told BuzzFeed News that no user data was sold on to third-parties and that Grindr pays other software companies to use their services.
"The limited information shared with these platforms is done under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy," he said.
But the problem here is two-fold. Firstly, Grindr users may not be explicitly aware that their data is being shared beyond the app, which is a nasty privacy issue that can throw up all kinds of mess - as seen with Cambridge Analytica's use of Facebook data.
Secondly, Grindr is letting private data go beyond the confines of its infrastructure by allowing data to be stored on servers it doesn't control. This not only means they would have to rely on a third-party company to secure that data and keep it private, but it also means hackers have another data source to potentially target. Grindr has since said it will stop sharing the information. But the whole thing opens up a can of worms around just what level of access apps and their companies have to our data and what are they doing with it.
Sure, we all like a free service and are happy to part with our data to have it, but there comes a point when the cost to privacy starts getting too steep and a lack of transparency in data policies starts to build up a culture of distrust.