Grindr is probably the most famous dating app short of Tinder. Focused exclusively on gay men, the app has courted controversy just for its very nature, but new reporting may throw its status as a popular app in doubt. Grindr has allegedly been sharing deeply personal information, such as the HIV status of its users, with outside companies.
It’s not clear that the data was shared intentionally, but the degree of the leak is alarming. Buzzfeed, which verified the work of an outside research firm, found that the data was being shared with app optimization companies Apptimize and Localytics, as a mass data dump:
Because the HIV information is sent together with users’ GPS data, phone ID, and email, it could identify specific users and their HIV status, according to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, which first identified the issue. “The HIV status is linked to all the other information. That’s the main issue,” Pultier told BuzzFeed News. “I think this is the incompetence of some developers that just send everything, including HIV status.”
This could also land Grindr in some fairly serious legal trouble. HIV and AIDS status are protected under the Americans With Disabilities Act, and it’s also often protected on the state level. And while Grindr may not have technically violated medical records law, since it’s a dating site instead of a doctor’s office, it may also be facing questions on that basis depending on where the records went and who used them.
And, of course, there’s the question of unfortunate timing, considering we’re right in the middle of Facebook’s struggles with user privacy in the wake of the Cambridge Analytica scandal. HIV status, positive or negative, is deeply personal information that can put people’s employment, housing, and even their lives at risk even now. That Grindr has seemingly been so cavalier with it in the first place isn’t going to be an easy issue for its users to look past.