Report: Grindr Users Put at Risk by Security Flaws

Flaws in Grindr's technology made users vulnerable to hacking and others tracking their whereabouts — even if users shut off the feature that broadcasts their location — according to an NBC News report.

Grindr officials say they've corrected one of the faulty features, which was exposed by a man named Trever Faden after he created a site called C*ckblocked. The website ostensibly allowed Grindr users to see who blocked them by entering their Grindr log-in and password to C*ckblocked. In doing so, Faden was exposed to those users' "unread messages, email addresses, deleted photos, and the location data of users, some of whom have opted to not share their locations publicly."

Entering information into third-party sites is very risky — Cambridge Analytica exploited a third-party quiz to lift information from 50 million Facebook users, data that was then used to target voters and put Donald Trump in the White House. 

Grindr previously warned users of entering their app information into third-party sites; they also said they changed their technology so other sites cannot access their whereabouts. Giving away users' locations is obviously dangerous, but especially in homophobic nations where some gay and bi men are entrapped through hookup apps like Grindr.

The concern about inadvertently tracking the movements of Grindr users is not completely assuaged, though. Faden, who has since shut down C*ckblocked, also discovered another flaw in the app's technology, one that doesn't require the involvement of a third-party site. All Grindr users are required to send location data to its servers, but not all that data is encoded, "meaning that passive observers of internet traffic — for instance, on a public Wifi network watched over by a country's government — can identify the location of anyone who opens the app," NBC News reports.