Thursday , December 13 2018 Ausdroid » News » It appears that Grindr has exposed the location of its users .. for years

Grindr, the popular gay dating app for men, has reportedly been exposing its users’ locations for years. What’s worse is the developer has known about this for some time, but has done nothing about it.

The app, which has been downloaded more than 10 million times and offers both a free or paid premium service, was reported via a post on Queer Europe. They discovered the app had been exposing the locations of millions of users using an app called Fuckr, which employs a technique called “trilateration” to find users.

Let’s make this clear, though: Fuckr is in no way related to nor affiliated with Grindr and is built on top of unauthorized access to Grindr’s private API, or “application programming interface,” which basically provides Fuckr with information in Grindr’s database.

Furthermore, it is important to note that Grindr is not deliberately revealing the locations of its users. However the issue basically comes down to incredibly high level precision of the distance location data Grindr collects, shares and allows apps like Fuckr to pinpoint users’ whereabouts according to security researcher Patrick Wardle and his study into the Dos and Donts of Location Aware Apps.

Of course, this isn’t the first time Fuckr has been in trouble. GitHub, which originally hosted the Fuckr repository since it was released in 2015, disabled public access to the app shortly after the Queer Europe post published, citing Fuckr’s unauthorised access to the Grindr API.  Queer Europe has also spoken and confirmed to BuzzFeed that the Fuckr app remains operational and can still make requests for up to 600 Grindr users’ locations at a time.

In a statement to BuzzFeed News, Grindr President and CEO, Scott Chen, stated that the app’s geolocation feature is “core to our platform and user experience,” but also acknowledged that “there are inherent challenges in the use of any app that utilises or relies upon location information.”

“Additionally, we currently utilise a geohash system, which approximates, rather than ‘pinpoints,’ all location information.” He also said that Grindr “will continue trying to evolve and improve our platform,” but did not specify how.es or relies upon location information.”  Chen did not give specifics of the improvements the company was intending to implement nor a timeline given.

So how can you make it harder to track your location through Grindr?

There is no official fix yet coming from the company and this should be a priority for them. However, until then, here is what you can do to reduce the potential for being tracked:

  • Don’t use a VPN – I know, sounds weird but according to Article 19’s Rigot and Shamas, who stated that “A lot of research shows that people are using differing methods to obscure their geo-location, including using a VPN, which doesn’t actually work.”
  • Disable Grindr’s “Show Distance” feature. To do this, open the app and go to your profile, then tap the Settings gear (Located at the top right of the screen), then scroll down to “Show Distance” and tap the slider to disable. By doing this, it will prevent “[x] feet away” from appearing on your profile, and prevent people from locating you through trilateration.
  • If you’re somewhere you’d rather not disclose, temporarily turn off Location Services for Grindr. To to this for Android users (9.0 and up), go to Settings and in the search bar, type “App permissions.” In the App permissions menu, tap Location and next to Grindr, tap the slider to disable. For iOS users, simply open Settings, then scroll down to Privacy, select Location Services, scroll down to Grindr, and select Never.

Of course these steps are only a stop gap measure. Grindr will need to address the flaws in their API to prevent this kind of information from leaking out.

Do you use Grindr? Would you consider deleting the app all together because of this breach in the apps’ security? Let us know your thoughts in the comments section below.

Source: Queer Europe.
Via: BuzzFeed News.

Alex Dennis   Journalist

By day, Alex works within the Industrial Relations field/occupation but by night and in his spare down time he searches the net for anything and everything relating to Android and Chrome related products and news.

Other various interests Alex has include, Accessible transport for people with disabilities along with LGBTIQ and Health related fields and interests for again for people with disabilities.

6
Join the Ausdroid Conversation

avatar
4 Comment threads
2 Thread replies
5 Followers
 
Most reacted comment
Hottest comment thread
5 Comment authors
AndyChris RowlandDaniel NarbettGeek-ish QAdam Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Andy
Guest
Andy

This article is riddled with errors/mistakes. Is there no QC checks before posting articles here? “A million of users” – you mean millionS of users “comes down to incredibly high level of precision” – you mean high levelS or ‘THE incredibly high level of precision’ “Chen did not give exact specific of the improvements” – you mean specificS and even then it is redundant as ‘exact’ means the same thing in this case. “till” is written as ’til or ‘until’. “here is what we have been to assist at least reduce the potential for being tracked” erm, what?? “Of course… Read more »

Chris Rowland
Ausdroid Director

If you’d like to join our team as a sub editor, you’re welcome to. Believe it or not, these things do get missed because of the sheer volume of information flying around. It’s not an excuse, it’s just what happened.

Andy
Guest
Andy

Not entirely sure if your first sentence was sarcasm, but I could be interested actually. I’m an ex journo, so mistakes tend to jump out at me 😉

Daniel Narbett
Guest
Daniel Narbett

Sounds like a Bumr

Geek-ish Q
Guest
Geek-ish Q

I know I will get flamed for this. But… Duh! The whole point of this app is to find your next FB near you for instant hookups. Without the location service, the app is basically useless other than messaging within the app, which other messaging services will do just as well with better data security. Anyone who uses this type of app should be aware that your mobile is advertising where you are loud and clear all the time. Even when the app is in the background. Otherwise, you will not appear in other users’ screen, which defeats the whole… Read more »

Adam
Guest
Adam

Wow, that isn’t cool; I wonder why/how Grindrs location API is any different to other services that use a similar system – could someone build a location finder fro them or is Grindr just terrible at security?

This could spell a lot of trouble for anyone in less tolerant countries, if someone were to find out they could do this and use it maliciously 🙁

Check Also

Pixel Sounds 2.0 has begun rolling out bring with it Visualisations and downloadable Ringtones by Google

After the leak last week from a Play Store listing showing that Google was planning …