Back in March, a report revealed that Grindr suffered from flaws that could expose its users' personal information. The company issued a statement in response that said its location tracking feature is more akin to a square on an atlas and can't pinpoint users' exact location. According to a new investigation by Queer Europe, though, Grindr can still expose people's personal data through a third-party app called "Fuckr," which was released in 2015 and can locate up to 600 Grindr users within minutes. And by "locate," we mean it can tell where users are with an accuracy of 6 to 16 feet -- accurate enough to tell which establishment, house or even room they're in.
The free third party app is built on top of Grindr's private API, giving it access to the gay dating app's database. It uses a technique called "trilateration" to find users, allowing anyone with access to it a way to follow people around as they go about their day. All someone has to do to find users nearby is to use Fuckr's filters, which can narrow people based on their ethnicity, relationships and other data. Yes, because the app can tap into Grindr's database, it can reveal not only users' locations, but also their photo, body type, ethnicity, HIV status, last HIV test and even their sexual position preference.
[Image credit: Queer Europe]
It's easy to see how the app could be used as a tool for harassment and how it could expose users to homophobic violence. Especially since Grindr still makes it possible to locate men in countries where LGBTQ+ people aren't accepted. While it's true that the company blocked location tracking in Russia, Nigeria, Egypt, Iraq and Saudi Arabia, it still allows tracking in countries like Algeria, Turkey, Belarus, Ethiopia, Qatar, Abu Dhabi, Oman, Azerbaijan, China, Malaysia and Indonesia.
BuzzFeed News says GitHub already disabled public access to Fuckr -- it hosted the app's repository -- but there are still loads of modified versions that can do the same thing floating around. The company also didn't respond to the publication's request for a clarification on how Fuckr got access to its private API. As BuzzFeed points out, though, there are many things Grindr can do to prevent third parties from getting access to its database, such as implementing a more powerful way to obscure its precise location tracking feature. For now, users can switch off their phone's location services (or just switch it off for Grindr, in particular) to protect themselves.