Postgraduate student Jason Chao has found that the gay dating platforms Grindr and Jack’d may be leaving data vulnerable to hackers.
Chao says the apps are not encrypting the data they gather from users before sending it to third parties, making it far easier to intercept and tamper with.
He told Gay Star News that the had been able to access a user’s age, relationship status and location by exploiting the weakness.
“It surprised me. Vulnerable people who aren’t out use Grindr and Jack’d. The developers should be assessing the apps’s security all around”, he said.
Dating app data vulnerabilities are particularly concerning on LGBTQ services, as gay men and women may be targeted in several parts of the world if they are outed.
Speaking to GDI in December, Grindr’s Peter Sloterdyk said: “We want to ensure that our platform is not providing a way for those who would prosecute or persecute those individuals to find them.”
The accessible data is also a concern in regions where homosexuality is legal, yet frowned upon. Indonesia is in the midst of a clampdown on LGBTQ apps, despite the fact homosexuality remains legal.
Chao adds: “I am not the first one to discover Grindr and Jack’d being leaky. Researchers at a Japanese university were the first ones to point out the issue of both apps sending unencrypted data to third-party advertisers.
“However, they only saw evidence of device models and carrier names being susceptible to hackers. But in my study, I also found personal data is accessible too.”
Read more here.