A new study has exposed a technical weakness in gay dating apps Grindr and Jack’d that could potentially out users who may not be publicly open about their sexual orientation.
Postgraduate student Jason Chao has found that the apps are not encrypting data when sending them to third party advertisers, leaving them susceptible to hackers stealing personal information, including age, relationship status and location.
It essentially means that a hacker with the technical ability to access the information could find out who is gay or bisexual in their local area.
This is particularly dangerous in countries where being gay is illegal and communities use the apps as a way of connecting with the LGBTQ people.
“It surprised me,” Jason Chao told GSN of the flaw. “Vulnerable people who aren’t out use Grindr and Jack’d. The developers should be assessing the apps’s security all around.”
Chao also said that he thinks the developers of these apps should be more responsible for the safety of users and ensure their software doesn’t compromise their privacy.
“I am not the first one to discover Grindr and Jack’d being leaky,” he said. “Researchers at a Japanese university were the first ones to point out the issue of both apps sending unencrypted data to third-party advertisers.
“However, they only saw evidence of device models and carrier names being susceptible to hackers. But in my study, I also found personal data is accessible too.”
He added: “For the time being, using VPN can protect yourself from the leakage of unencrypted data from Grindr and Jack’d.”
Meanwhile, Time Well Spent recently conducted some new research which polled 200,000 iPhone users about their app usage and found that Grindr topped the list of titles which left users feeling unhappy.
They suggested that it’s not necessarily the Grindr app itself that is making users unhappy, but rather the amount of time they spend on it.
Those who said that Grindr left them feeling unhappy admitted that they used the app for more than an hour everyday.