condom

The hookup and dating app Grindr has been sharing its users’ HIV statuses to third parties, according to a new analysis. The popular gay and bisexual dating app, which has more than 3.6 million daily active users, is believed to have shared the personal health information of users with at least two outside companies.

A report by BuzzFeed News published Monday names Apptimize and Localytics, two separate companies that help optimize apps, as receiving Grindr users’ health information. These companies received users’ HIV statuses and most recent dates of HIV testing — alongside information like email, phone ID, GPS data, ethnicity, and relationship status — making it somewhat simple to connect the specific user and their HIV status. According to the report, Norwegian nonprofit SINTEF first identified the privacy breach.

SINTEF's screenshots of the data sourced from Grindr
SINTEF's screenshots of the data sourced from Grindr

Founded in 2009 as an app catering to gay and bisexual men, Grindr has long promoted sexual health on its platform. Last week, the app debuted an optional feature that would remind users to get tested for HIV every three to six months. Citing its commitment to sexual health, Grindr also offers a category where users can select their HIV status.

The options for selecting such a status are thorough: Users can select statuses of positive, positive and on treatment, negative, or negative and on PrEP, a medication shown to prevent contracting HIV. While users volunteer this information on the app, Apptimize and Localytics were able to use this information alongside identifying details about each user.

While Grindr has yet to release a statement, the app’s privacy policy asks users to “remember that if you choose to include information in your profile, and make your profile public, that information will also become public.”

Even if users chose to be open about their HIV status on the app, critics argue that the data should not have been provided to third parties without the users’ knowledge or consent. If this breach of privacy threatens the health or safety of users, as those quoted in the report suggest, it could call Grindr’s stated principles into question.

Photos via SINTEF, Pixabay