Grindr’s security issues are once again in the spotlight as a third party app pinpointed users’ exact location.
Despite constant reassurances from the app about the difficulties of exploiting their location technology, the latest security breach revealed how malicious parties can locate users.
Discovered by blog Queer Europe, they used a third-party app called ‘F*ckr’. It hacks into the company’s private API and uses a technique called trilateration, giving the precise location of its users.
It also exposes the sensitive information found on the app, including sexual position, HIV status, and ‘tribe’.
By giving such intimate details, this could leave users vulnerable to harassment and stalking. This video, uploaded to Twitter, shows the scary reality:
F*ckr has now been disabled by its host, GitHub. However, Queer Europe claims that these apps are widely available online.
The blog adds: ‘After security vulnerabilities had been revealed in 2014, Grindr disabled the distance function in some homophobic countries, such as Russia, Nigeria, Egypt, Iraq and Saudi Arabia.
‘However, it is still possible to locate users in many other countries, such as Algeria, Turkey, Belarus, Ethiopia, Qatar, Abu Dhabi, Oman, Azerbaijan, China, Malaysia and Indonesia.’
With these security flaws, it could allow hostile governments to target gay, bisexual and transgender individuals using the app.
This isn’t the first time the hook-up software has faced such a data breach. Earlier this year, a similar app called ‘C*ckblocked’ was able to pinpoint the exact location of users too.
After that breach, the company released a statement, claiming ‘safety and security of our users is of paramount importance to us’.
However, there are still problems. For example, earlier this year it was uncovered that Grindr was revealing its users’ HIV status to third-party companies. It later faced investigation.