Despite having recently rolled out a progressive new , popular gay hookup app Grindr has today come under fire for disclosing the sexual health status of its members to two third-party businesses named and .
The user information was shared along with other identifying data including phone ID, location, and email address.
Speaking to , HIV advocate James Krellenstein said the breach of user trust was a huge point of concern.
“To... have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety — that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community,” he said.
Grindr, which has over 3.6 million daily active users globally, was quick to address the news, online.
“As an industry standard practice, Grindr does work with highly-regarded vendors to test and optimise how we roll out our platform. These vendors are under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy,” the statement read.
“It’s important to remember that Grindr is a public forum. We give users the option to post information about themselves including HIV status and last test date, and we make it clear in our privacy policy that if you choose to include this information in your profile, the information will also become public. As a result, you should carefully consider what information to include in your profile.”
It continued: “The inclusion of HIV status information within our platform is always regarded carefully with our users’ privacy in mind, but like any other mobile app company, we too must operate with industry standard practices to help make sure Grindr continues to improve for our community. We assure everyone that we are always examining our processes around privacy, security and data sharing with third parties, and always looking for additional measures that go above and beyond industry best practices to help maintain our users’ right to privacy.”
However, according to security researcher Cooper Quintin, sharing user data with any third party would always make it more vulnerable to exposure - regardless of how secure the relationship between businesses.
“Even if Grindr has a good contract with the third parties saying they can’t do anything with that info, that’s still another place that that highly sensitive health information is located,” he told BuzzFeed News.
“If somebody with malicious intent wanted to get that information, now instead of there being one place for that — which is Grindr — there are three places for that information to potentially become public.”
Speaking to , Bryce Case - Grindr's top security official - responded to public backlash by saying the company would stop the sharing users' sexual health information.
"I understand the news cycle right now is very focused on these issues," Case said. "I think what's happened to Grindr is, unfairly, we've been singled out."
Grindr's CTO, Scott Chen, initially played down the incident, telling BuzzFeed that "thousands of companies use these highly-regarded platforms".
"These are standard practices in the mobile app ecosystem," he said. "No Grindr user information is sold to third parties. We pay these software vendors to utilise their services."
He continued: "The limited information shared with these platforms is done under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy."
Many users, commentators, activists and politicians have taken to social media to voice their concerns, with US Senator Ed Markey : "Privacy isn’t just about credit card numbers and passwords. Sharing sensitive information like this can put LGBT Americans at risk."
Despite ongoing criticism, Bryce Case maintained that Grindr remained committed to user trust, saying: "We’ve been very careful to balance the needs of our customers with the needs of our advertisers. User trust is paramount."
