The discovery was made by Norwegian NGO Sintef and released by Buzzfeed News earlier this week. After the negative repercussion, the app reported that it will no longer provide users' HIV status to other companies.
10 most dangerous virtual threats of 2017
Grindr dating app aimed at LGBT audiences Photo: Divulgao / Grindr
Grindr allows you to publish information related to sexually transmitted disease, such as the last time the test was done and whether the user is HIV-positive or not, if the user wants to. This way, this information is available to be viewed by all participants of the application.
The problem is that the data was not restricted only within the app, but was also shared with third parties. Grindr sent two data monitoring companies, Apptimize and Localytics, a series of information, such as phone, email, location and the users' HIV status.
All the material was sent together, a practice condemned by experts in digital security. A hacker, when hacking into the company's servers, could locate a specific person when crossing the information.
The application defends itself by saying that the information was not used for advertising or other commercial purposes. At the time, according to Grindr, partner companies performed data analysis to help develop new functions, a common practice in the industry.
These suppliers are under strict contractual conditions that provide the highest level of user confidentiality, data security and privacy, explains Scott Chen, CTO of Grindr, in a post on the company's official blog. This information is always transmitted with encryption, he says.
With information from The Guardian, BuzzFeed News (1 and 2) and Digital Trends