Grindr, the popular gay dating app for men, has reportedly been exposing its users’ locations for years. What’s worse is the developer has known about this for some time, but has done nothing about it.
The app has been downloaded more than 10 million times and offers both a free and a paid premium service. The issue was reported in a post on Queer Europe, which found that the app had been exposing the locations of millions of users through an app called Fuckr, which employs a technique called “trilateration” to find users.
Let’s make this clear, though: Fuckr is in no way related to nor affiliated with Grindr and is built on top of unauthorized access to Grindr’s private API, or “application programming interface,” which basically provides Fuckr with information in Grindr’s database.
Applications designed to locate Grindr users are publicly available online, and give anyone access to a virtual map on which you can travel from city to city, and from country to country, while seeing the exact location of cruising men that share their distance online. pic.twitter.com/0IumD6laAE
— Queer Europe 🏳️🌈 (@QueerEurope) September 13, 2018
Furthermore, it is important to note that Grindr is not deliberately revealing the locations of its users. However, according to security researcher Patrick Wardle and his study into the Dos and Don’ts of Location Aware Apps, the issue basically comes down to the incredibly high precision of the distance data Grindr collects and shares, which allows apps like Fuckr to pinpoint users’ whereabouts.
Of course, this isn’t the first time Fuckr has been in trouble. GitHub, which had hosted the Fuckr repository since it was released in 2015, disabled public access to the app shortly after the Queer Europe post was published, citing Fuckr’s unauthorised access to the Grindr API. Queer Europe has also confirmed to BuzzFeed that the Fuckr app remains operational and can still make requests for up to 600 Grindr users’ locations at a time.
In a statement to BuzzFeed News, Grindr President and CEO, Scott Chen, stated that the app’s geolocation feature is “core to our platform and user experience,” but also acknowledged that “there are inherent challenges in the use of any app that utilises or relies upon location information.”
“Additionally, we currently utilise a geohash system, which approximates, rather than ‘pinpoints,’ all location information.” He also said that Grindr “will continue trying to evolve and improve our platform,” but did not specify how, giving neither specifics of the improvements the company intends to implement nor a timeline.
So how can you make it harder to track your location through Grindr?
There is no official fix yet coming from the company and this should be a priority for them. However, until then, here is what you can do to reduce the potential for being tracked:
- Don’t use a VPN – I know, it sounds weird, but Article 19’s Rigot and Shamas stated that “A lot of research shows that people are using differing methods to obscure their geo-location, including using a VPN, which doesn’t actually work.”
- Disable Grindr’s “Show Distance” feature. To do this, open the app and go to your profile, then tap the Settings gear (located at the top right of the screen), then scroll down to “Show Distance” and tap the slider to disable it. Doing this will prevent “[x] feet away” from appearing on your profile, and prevent people from locating you through trilateration.
- If you’re somewhere you’d rather not disclose, temporarily turn off Location Services for Grindr. To do this on Android (9.0 and up), go to Settings and in the search bar, type “App permissions.” In the App permissions menu, tap Location and next to Grindr, tap the slider to disable it. On iOS, simply open Settings, then scroll down to Privacy, select Location Services, scroll down to Grindr, and select Never.
Of course, these steps are only a stopgap measure. Grindr will need to address the flaws in their API to prevent this kind of information from leaking out.
Do you use Grindr? Would you consider deleting the app altogether because of this breach in the app’s security? Let us know your thoughts in the comments section below.