Grindr has been secretly sharing your HIV status with other companies

This just in: Grindr has been secretly sharing its 3.6 million daily active users’ HIV statuses and other sensitive information to at least two other companies.

That’s right, folks. The hookup app has been sending your most personal information, including your HIV status and “last tested” dates, to Apptimize and Localytics, two companies which both help optimize apps.

Related: Yikes! Grindr has a major security flaw that can pinpoint a user’s exact location

According to BuzzFeed News:

Because the HIV information is sent together with users’ GPS data, phone ID, and email, it could identify specific users and their HIV status, according to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, which first identified the issue.

“The HIV status is linked to all the other information. That’s the main issue,” Pultier told BuzzFeed News. “I think this is the incompetence of some developers that just send everything, including HIV status.”

James Krellenstein, a member of ACT UP New York, calls the whole thing “an extremely, extremely egregious breach of basic standards.”

“Grindr is a relatively unique place for openness about HIV status,” he says. “To then have that data shared with third parties that you weren’t explicitly notified about, and having that possibly threaten your health or safety–that is an extremely, extremely egregious breach of basic standards that we wouldn’t expect from a company that likes to brand itself as a supporter of the queer community.”

But it’s not just your HIV status Grindr has been sharing.

BuzzFeed News says the app has also been sharing users’ precise GPS positions, “tribes”, sexualities, relationship statuses, ethnicities, and phone IDs to other third-party advertising companies.

Not just that, but the info has often been shared via “plain text,” which can be very easily hacked.

Related: This simple new tool lets you see exactly who’s blocked you on Grindr

“When you combine this with an app like Grindr that is primarily aimed at people who may be at risk–especially depending on the country they live in or depending on how homophobic the local populace is–this is an especially bad practice that can put their user safety at risk,” Cooper Quintin, a senior staff technologist and security researcher at the Electronic Frontier Foundation, says.

Grindr insists the reason it has been sharing people’s highly sensitive health information in an effort to “make the app better.”

“No Grindr user information is sold to third parties,” the company says. “We pay these software vendors to utilize their services.”

But Quintin tells BuzzFeed News the fact that Grindr isn’t selling the information is not the issue. It’s the fact that it’s making it available to third parties that’s a problem.

“Even if Grindr has a good contract with the third parties saying they can’t do anything with that info,” he says, “that’s still another place that that highly sensitive health information is located.”

“If somebody with malicious intent wanted to get that information, now instead of there being one place for that–which is Grindr–there are three places for that information to potentially become public.”

Related: HIV stigma summed up in one nasty 8-word Grindr message