Grindr location data was reportedly for sale for at least three years (updated)

Grindr's past willingness to share sensitive data may have been more problematic than previously thought. The Wall Street Journal understands precise Grindr user location data was collected from the online ad network MoPub (once owned by Twitter) and put on sale through its partner company UberMedia (now UM) since "at least" 2017. The LGBTQ dating app curbed the practice when it limited location data collection in early 2020, but there's a possibility that legacy information might still be available.

An anonymous former senior employee speaking to the Journal claims Grindr initially didn't believe sharing location data with marketers posed privacy issues. Ad execs reportedly told the company that real-time bidding, or displaying ads based on a user's immediate location, was transforming the industry.

Grindr told the Journal in a statement that its 2020 policy change meant it shared less data with advertisers than "any of the big tech platforms" and most dating app rivals, although it didn't address historical info. Twitter said UberMedia was held to MoPub's data use restrictions at the time, while UberMedia's current owner Near said "thousands of entities" have access to data shared in the real-time bidding system. It challenged concerns that location data without direct personal information could help trace individuals.

Near's claim isn't necessarily true, however. Catholic publication The Pillar said it used sold Grindr data to track usage and ultimately oust a senior church official. There are also fears that countries with anti-LGBTQ laws could use Grindr locations to arrest the app's users — Grindr restricted location features during the Beijing Winter Olympics precisely to prevent this kind of abuse with athletes. The US forced Grindr's Chinese owner Kunlun to sell the company by mid-2020, in part over worries China's government might misuse personal info for American citizens.

The company's own practices were also under scrutiny at the time. It reportedly shared HIV statuses with app optimization firms, and Kunlun's Chinese engineers had access to a database of sensitive info for months. Security was also an issue. One vulnerability permitted an outside app to collect exact locations, while another let intruders hijack accounts using only an email address. Simply put, Grindr wasn't as conscious of its data handling as it apparently is now.

Update 5/2 12:15PM ET: Grindr reiterated its statement to Engadget and pointed to a blog post defending its practices since improving privacy in 2020, calling the Journal story "old news." You can read the full statement below.

“Grindr users value privacy, and we have put our users’ privacy first even when it meant lower revenue. The activities that have been described would not be possible with Grindr’s current privacy practices, which we’ve had in place for two years.”