Warning: *privacy not included with this product
Review date: 03/04/2021
Launched in 2009, Grindr is the largest dating app for gay, bisexual, queer, and trans men. The app matches people based on location using the location tracking features on your mobile phone. Grindr is free to sign up, premium users can eliminate those third-party ads. Historically, Gindr has had a horrible track record on privacy, including coming under fire for its data breaches and sharing user data to advertisers without user consent. Grindr has operated under new ownership since June 2020; we’re keeping an eye out to see if they make changes to do better at protecting users’ privacy and security.
What could happen if something goes wrong
Like all dating apps where sharing your most sensitive personal data with others, there's a lot that can go wrong. This is particularly true for an app like Grindr that includes location-based matching within a potentially vulnerable community. So what can go wrong? In 2020 a security researcher found a loophole where a hijacker could take over an account and get access to account data. The company eventually fixed the issue and announced a new bug bounty program to incentive outside security review, which is an industry best practice. Strong password requirements are also a best practice, but we can't find their policy on this so are unsure how it's enforced. What else can go wrong? Well your data could get leaked or used in ways you didn't agree to, which is what happened when the company shared users’ HIV data with other companies in 2018. Recently, the Norwegian Data Protection Authority said they are investigating whether Grindr shared personal user information with advertising companies, a violation that could result in a fine. Many current users express concern about the amount of fake profiles on the app and the dangers that could result from interacting with anonymous profiles. After buying Gindr, its new owners acknowledged others’ concerns about the company’s track record on privacy and have taken steps to rebuild trust. Grindr recently shared clear details about their data sharing practices including their data retention timelines. The company keeps data for a short amount of time, which is better news for you, because the less time your TMI photos and messages sit around on a server the less likely it is that someone else will find them. Grindr says its location based data tracks users within 100 meters, and that the company does not sell personal information to advertisers. Grindr’s history of data breaches is not unique to the industry, nor is its relationship with advertisers. However, due to its poor historical track record on privacy, and the relative newness of the current ownership, we remain concerned. Our recommendation is to look at other options if you want to use a dating app with a longstanding commitment to privacy.
Can it snoop on me?
What is required to sign up?
Third party account
Users can choose between email or social (Google, Facebook or Apple) or phone to verify their account.
What data does it collect?
Height (optional), weight (optional)
How does it use this data?
How can you control your data?
What is the company’s known track record for protecting users’ data?
In 2018, it was revealed Grindr allowed other companies access to user HIV status and location data. In addition, Grindr is being investigated by the Norwegian Data Protection Authority for potentially exposing user data to advertisers in the past.
Can this product be used offline?
User friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Grindr uses HTTPS and certificate pinning for network requests
Grindr requires a six character password. However, we were able to log in using 123456.
From email exchange: "Grindr has a mechanism in the backend to block logins that predate a minimum version we can specify if we need to make a major change for security reasons."
Users can submit a vulnerability report directly on Grindr's website at https://www.grindr.com/security/.
Does the product use AI?
Does the AI use your personal data to make decisions about you?
Does the company allow users to see how the AI works?