0 feet away

New report uncovers more bad news for Grindr… and its users

Grindr users beware: Your personal information is likely being shared with other companies much more than you think.

The gay dating app, which remains under the ownership of Chinese mobile gaming company Kulun and has been previously criticized over privacy concerns, was the source of another user data investigation.

The New York Times reports Grindr “transmitted user-tracking codes and the app’s name to more than a dozen companies, essentially tagging individuals with their sexual orientation, according to the report, which was released Tuesday by the Norwegian Consumer Council, a government-funded nonprofit organization in Oslo.”

Related: Ex-Grindr employees expose dark side of world’s largest gay hookup app

Users’ locations were also sent to multiple companies, and that data could then be shared with yet more businesses, according to the report.

The Times tested the claim using Grindr’s Android app and confirmed that exact latitude/longitude data was shared with five companies.

“Grindr’s app, for instance, includes software from MoPub, Twitter’s ad service, which can collect the app’s name and a user’s precise device location, the report said. MoPub in turn says it may share user data with more than 180 partner companies. One of those partners is an ad tech company owned by AT&T, which may share data with more than 1,000 [third-party providers.]”

In a statement, Twitter said: “We are currently investigating this issue to understand the sufficiency of Grindr’s consent mechanism. In the meantime, we have disabled Grindr’s MoPub account.”

Related: Grindr users face new scam…and this one is a doozie

“Every time you open an app like Grindr advertisement networks get your GPS location, device identifiers and even the fact that you use a gay dating app. This is an insane violation of users’ EU privacy rights,” said Max Schrems, founder of the European privacy non-profit noyb.

A press release announced that, “the Norwegian Consumer Council has filed three formal complaints against the gay/bi dating app Grindr and five adtech companies that were receiving personal data through the app: Twitter`s MoPub, AT&T’s AppNexus, OpenX, AdColony and Smaato. All complaints were filed, in cooperation with noyb, at the Norwegian Data Protection Authority (DPA) because of breaches of the General Data Protection Regulation (GDPR).”

Other dating apps like OkCupid and Tinder were also part of the investigation. Read more here.

Grindr had not read the report when asked for comment.