Fraud ad scheme hits popular queer dating app Grindr

The app became the perfect target given its massive user database.

Grindr is back in the news for yet another controversy. The Norwegian Consumer Council recently criticized the app for exposing sensitive user data, and now a Pixalate report indicates that ad fraudsters stole revenue from advertisers through the Android app and targeted connected Roku apps and devices.

The ad scheme, titled DiCaprio, was "weaponized by ad fraudsters, using real people's devices as proxies to carry out apparent fraud, raising even more questions around app security, consumer privacy, national security, and ad fraud prevention," according to the cybersecurity team's report.

Why Grindr — The alleged ad fraud shows how mobile apps carry loopholes that can be easily exploited by bad actors. In the case of Grindr, Pixalate's CTO Amin Bandeali told BuzzFeed News that it was the perfect app for an attack.

"If I'm a fraudster, I would love to target an app that has a lot of user engagement," Bandeali explained. Dating apps such as Grindr are the prime target as "users are on them constantly." The app is available to users in at least 192 countries around the world and has been downloaded off the Google Play Store over 10 million times.

What Roku says — A representative for the company told The New York Daily News that Roku had "determined that the activity referenced is not happening on the Roku platform. It appears someone has created one or more Android apps that fraudulently attempt to simulate ad requests sourcing from a Roku device."

Pixalate's report offers a deep glimpse into how fraudsters were able to exploit Grindr's system. If you're interested, you can read the analysis right here. In the meantime, Grindr is reportedly working on fixing the issue. It's worth noting, though, the company wasn't aware of the scheme until BuzzFeed News reached out for a comment.

In response, a Grindr representative stated that the firm was "taking steps to address it and are continually working to implement new strategies to protect our users."