The developers of gay hook-up app Grindr have always claimed that the geo-locating functionality is vague enough to be convenient rather than unnerving. That may be true of the app itself, but the data it provides third parties can be easily exploited, according to an investigation by Queer Europe.
The site found that using a third-party app – the unimaginatively named “Fuckr” – users can uncover up to 600 Grindr users within minutes. That may sound similar to the main app, except that Fuckr deobfuscates the location, bringing it to an accuracy of 2 to 5 meters (6 to 16 feet). Given the app can also leach the photo, this is an early Christmas present to stalkers, opening to the potential to tie down users to a single room of a house.
It works through trilateration. In-app, Grindr will tell you that someone is “X feet away”, but by creating virtual accounts around the target, and then moving them closer and further away, a third-party app is able to get a more exact figure from the original data. Because Fuckr has access to Grindr’s private database, this is just scratching the surface of the information it can draw out: body type, ethnicity, HIV status, last HIV test date and the kind of sensitive sexual information you’d be unlikely to garner from a LinkedIn leak.
But it’s not just the stalking concerns which are a real problem here. Although Grindr has disabled location tracking in countries where gay men face persecution like Russia, Nigeria, Egypt, Iraq and Saudi Arabia, there are plenty of nations where it’s still enabled. In other words, gay men and trans people with Grindr accounts in Qatar, Turkey, Algeria, Abu Dhabi and the United States could be pinpointed by those looking to harass, arrest or much worse..
GitHub, which hosted the app’s repository, has disabled public access to Fuckr, but that doesn’t stop the main issue: the API is alarmingly open to abuse, and a private API in the wrong hands ceases to be private. For the time being, it’s best to disable location services for Grindr until the company gets its privacy house in order. Please stay safe.