It has been discovered that Grindr is guilty of a shocking security breach after a blog called Queer Europe, along with the help of another gay dating app called F*ckr, used a technique called trilateration to hack into the app’s API (Application Programming Interface).
They found that they were able to pinpoint Grindr user’s exact location.
Queer Europe posted a video to Twitter demonstrating how it was done, writing that “applications designed to locate Grindr Users are publicly available online.”
Applications designed to locate Grindr users are publicly available online, and give anyone access to a virtual map on which you can travel from city to city, and from country to country, while seeing the exact location of cruising men that share their distance online. pic.twitter.com/0IumD6laAE
— Queer Europe 🏳️🌈 (@QueerEurope) September 13, 2018
Upon the discovery, Queer Europe wrote on their website:
“While sitting behind my laptop, I could see in which restaurants he was eating, in which cafes he was drinking, and in which nightclubs he was dancing. I could also see that he went to the gay sauna at 1 am and then slept at a stranger’s house at 3 am. By making it so easy to track individuals with precision, Grindr makes its users extremely vulnerable to harassment and stalking.”
The Inquirer also reported that F*ckr users could “uncover up to 600 Grindr users within minutes.”
This is not the first time the app has been found to have major security flaws, as of March this year it was found that a site called C*ckblocked allowed users to “enter their Grindr info and see who had blocked them on the app.”
The developer of C*ckblocked, Trevor Faden, told NBC that he could then identify user’s locations, even if they had their location settings switched off, and that he could also view deleted pictures, unread messages and email addresses.
Similarly, it was discovered in 2014 that Grindr user’s exact locations could be identified, resulting in Grindr pulling out of countries such as Russia, Nigeria, Egypt, Iraq and Saudi Arabia, where it could be potentially life-threatening to be exposed as gay. Although, Queer Europe reported that it was still available in countries such as Algeria, Turkey, Belarus, Ethiopia, Qatar, Abu Dhabi, Oman, Azerbaijan, China, Malaysia and Indonesia, where being exposed as gay can be just as risky.
Since the exposé, F*ckr has been disabled by its host GitHub, while Grindr CEO Scott Chen made a statement, promising that the app “will continue trying to evolve and improve our platform.”
© 2018 GCN (Gay Community News). All rights reserved.
GCN has been a vital, free-of-charge information service for Ireland’s LGBTQ+ community since 1988.
During this global COVID pandemic, we like many other organisations have been impacted greatly in the way we can do business and produce. This means a temporary pause to our print publication and live events and so now more than ever we need your help to continue providing this community resource digitally.
GCN is a registered charity with a not-for-profit business model and we need your support. If you value having an independent LGBTQ+ media in Ireland, you can help from as little as €1.99 per month. Support Ireland’s free, independent LGBTQ+ media.