It appears that Grindr has been exposing the exact locations of its users for years. Developers apparently have known about the glitch for a while, and it seems they haven’t addressed the issue.
Queer Europe with the assistance of a third-party app made the discovery and found a way to hack Grindr’s private API, using a technique called trilateration to pinpoint user’s precise locations.
Here’s a terrifying video of just how easy it is:
The Inquirer stated:
The site found that using a third-party app–the unimaginatively named “F*ckr”–users could uncover up to 600 Grindr users within minutes. That may sound similar to the main app, except that F*ckr deobfuscates the location, bringing it to an accuracy of six to 16 feet. Given the app can also leach the photograph, this is an early Christmas present to stalkers, opening to the potential to tie down users to a single room of a house.
F*ckr can also access a user’s sensitive sexual information, including last HIV test date, HIV status and those photos you thought were private.
Queer Europe reported:
After security vulnerabilities had been revealed in 2014, Grindr disabled the distance function in some homophobic countries, such as Russia, Nigeria, Egypt, Iraq, and Saudi Arabia. However, it is still possible to locate users in many other countries, such as Algeria, Turkey, Belarus, Ethiopia, Qatar, Adu Dhabi, Oman, Azerbaijan, China, Malaysia, and Indonesia. The governments of these countries heavily repress LGBTQ people and can easily exploit this vulnerability to blackmail individuals or to surveil queer communities.
F*ckr has since been disabled by its host, GitHub. In the meantime Grindr President and CEO Scott Chen was quick to release a statement saying “will continue trying to evolve and improve our platform”; but no specific improvements or timeline for when the improvements will be implemented.