The precise movements of millions of users of the gay dating app Grindr were collected from a digital advertising network and made available for sale.
The information was available for sale since at least 2017, and historical data may still be obtainable, the people said. However, Grindr two years ago cut off the flow of location data to any ad networks, ending the possibility of such data collection today, the company said.
The commercial availability of personal information, which hasn’t been previously reported, illustrates the thriving market for intimate details about users that can be harvested from mobile devices. Last year, a U.S. Catholic official was outed as a Grindr user in a high-profile incident that involved an analysis of similar data.
National-security officials have also indicated concern about the issue: The Grindr data were used as part of a demonstration for various U.S. government agencies about the intelligence risks from commercially available information, according to a person involved in the presentation.
Clients of a mobile-advertising company have for years been able to purchase bulk phone-movement data that included many Grindr users, said people familiar with the matter. Gay-dating app’s user locations were collected and sold via ad networks since at least 2017; Grindr says it has curtailed the data it shares.
The data didn’t contain personal information such as names or phone numbers. But the Grindr data were, in some cases, detailed enough to infer things like romantic encounters between specific users based on their device’s proximity to one another and identify clues to people’s identities.
People familiar with the data can be their workplaces and home addresses based on their patterns, habits, and routines.
“Since early 2020, Grindr has shared less information with ad partners than any of the big tech platforms and most of our competitors,” a spokesman for Grindr said in a statement. He said the company pays the price for reducing the data shared, including lesser ad quality for users and lower revenue. The spokesman added: “The activities that have been described would not be possible with Grindr’s current privacy practices, which we’ve had in place for two years.”
Location-tracking data has increasingly been used for reasons beyond its intended purpose. For example, earlier this year, researchers spotted signs of the Russian invasion of Ukraine before it was publicly known by watching Google Maps features designed to show traffic delays. Google later disabled those features to avoid them being abused in ways that could affect the safety of those on the ground.
Grindr in 2019 said it was the world’s most extensive social networking app for gay, bi, trans and queer individuals, with “millions of daily users who use our location-based technology in almost every nation in every hub of the planet.”
When the company initially began sharing the location data of its users with the ad networks, the company’s executives believed the data didn’t pose these kinds of privacy risks, according to a former senior employee. At the time, advertising-industry executives had told Grindr that hyperlocal ads for establishments just down the street from their users would reshape marketing budgets, the former employee said.
The idea was that through what is known as real-time ad exchanges, users would be served targeted messages about the nearest restaurants, bars, or hotels.
Real-time bidding works because every time a smartphone user opens an app or website with available ad space, the device shares data about the phone with an ad network to help micro-target ads. That data can include the precise geographic location of the phone if the user has granted an app permission to know it, demographic data about the owner, and detailed logs about the phone’s status. Most users pick to share location with Grindr to be connected with other nearby users. That functionality made it appealing as an app when founded in 2009.
Advertisers bid on serving an ad in a computerized process that plays out in milliseconds, and the highest bidder prevails. Unfortunately, consumers are unaware that the process occurs on their devices every time they load an app or webpage or how much data is shared with third parties.
Most apps partake in real-time ad exchanges that expose their details to hundreds or thousands of unknown parties. However, Grindr and other apps built to motivate users to share their location generate particular data sets that can be used to rebuild data about individual users.
Being gay remains a crime in various countries around the world, and such data sets could put people in danger of prosecution and punishment, with the penalty in some countries being death. Grindr said it doesn’t serve ads in territories where being gay is illegal, which keeps those users’ information off advertising exchanges.
Even in nations where being gay is legal, it can remain a blackmail threat for those not living candidly. For example, the U.S. government interfered to force a Chinese company into divesting itself from Grindr on national-security grounds in 2019—citing the risk of blackmail using the app data and the prospect of the Chinese government using the app’s data for surveillance purposes.
Clients of mobile-advertising company UM have been able to purchase the bulk phone-movement data that included many Grindr users since at least 2017 and possibly earlier, said people familiar with the matter. Most location brokers strip the name of the apps that the data is sourced from in location data sets. However, in some of UM’s data, the company included the name of apps from which the location information was sourced.
“UberMedia was a MoPub partner. Like all partners, they were subject to MoPub’s marketplace agreement, and data use restrictions.” For example, Twitter said its policies contained restrictions on the resale of data but declined to specify them.
“Every single entity in the advertising ecosystem has access to the information shared by Grindr and every other app that uses the real-time bidding system. That implies thousands of entities have such access,” said a spokesman for UM’s new owner, Near. The company also disputed that location data stripped of personal information such as names, emails, or phone numbers could be used to identify specific individuals.
UM refused to provide data to any U.S. government agencies. Instead, the data were bought by private government contractors—not managed by the government directly. In addition, UberMedia’s contracts prohibited using the data for surveillance, tracking, or law-enforcement activity.