The same-sex dating app Grindr says it will stop sharing its users' HIV status with other companies, after it was discovered the app was allowing third parties to access encrypted forms of the sensitive data.
Grindr acknowledged that information on users' HIV status, including the date they were last tested for the virus, was provided to two companies, Apptimize and Localytics, that were paid to monitor and analyze how the app was being used.
Grindr says its users had the option not to supply the sensitive information. When they did choose to, Grindr shared the data in encrypted form as part of "standard industry practice for rolling out and debugging software," the company said.
News that the app was sharing the data first appeared in a story by BuzzFeed on Monday.
BuzzFeed wrote: "Because the HIV information is sent together with users' GPS data, phone ID, and email, it could identify specific users and their HIV status, according to Antoine Pultier, a researcher at the Norwegian nonprofit SINTEF, which first identified the issue."
In a point-by-point response on its Tumblr page, Grindr said: "It's important to remember that Grindr is a public forum. We give users the option to post information about themselves including HIV status and last test date, and we make it clear in our privacy policy that if you choose to include this information in your profile, the information will also become public."
Grindr also said that the information provided to vendors was encrypted, and that the company "has never, nor will we ever sell personally identifiable user information — especially information regarding HIV status or last test date — to third parties or advertisers."
Hours later, Grindr's security chief told the news site Axios that the company has changed its policy and will no longer provide that information to vendors. Read more via NPR