The last time Hackerfall tried to access this page, it returned a not found error. A cached version of the page is below, or click
hereto continue anyway
GitHub - SINTEF-9012/grindr-privacy-leaks: Report and raw data about privacy leaks in Grindr.
Grindr Privacy Leaks
SVT and SINTEF conducted an experiment the 7th of February 2018 to analyse privacy leaks in the dating application Grindr. This was realised for the Sweedish TV program "Plus granskar", that you may watch online.
We discovered that Grindr contains many trackers, and shares personal information with various third parties directly from the application.
Grindr Shares Personal Information With Third-Parties
Data
Sent to third-parties using unsafe HTTP and HTTPS
Sent to third-parties using HTTPS only
Grindr (App Name)
Adrta, Google,Liftoff, Manage.com, Mobfox, Mopub, OpenX, Smatoo
AdColony, Adsafeprotected, Apple, AppsFlyer, Apptimize, Crashlytics, Facebook, Fqtag, Kochava, Localytics, Moatads, TreasureData
Precise GPS Position
Adrta,Liftoff, Mopub, Nexage, OpenX
Apptimize, Localytics, Treasure Data
Gender
Adrta, Mopub, Smatoo
Apptimize, Localytics
HIV Status
Apptimize, Localytics
Last Tested Date
Apptimize, Localytics
Email
Localytics
Age
Mopub, Smatoo
Apptimize, Localytics
Height
Apptimize, Localytics
Weight
Apptimize, Localytics
Body Type
Apptimize, Localytics
Position (sexual)
Apptimize, Localytics
Grindr Profile ID
AdColony, Apptimize, Crashlytics, Localytics, TreasureData
Tribe (Bear, Clean Cut, Daddy, Discreet, Geek, Jock, Leather, Otter Poz, Rugged, Trans, Unknown)
Mopub
Apptimize, Localytics
Looking For (Chat, Dates, Friends, Networking, Relationship, Right Now, Unkown)
Mopub
Apptimize, Localytics
Etchnicity
Mopub
Apptimize, Localytics
Relationship Status
Mopub
Apptimize, Localytics
Phone ID
Liftoff, Adrta, Mopub, Smatoo
AdColony, Kochava,
Advertising ID
Adrta,Liftoff, Mopub, Mopub, Nexage, OpenX, Smatoo
AdColony, Adsafeprotected, AppsFlyer, Apptimize, Facebook, Fqtag, Localytics, Maxads, TreasureData
Phone Characteristics
Adrta,Liftoff, Mopub, OpenX, Smatoo
AdColony, AppsFlyer, Apptimize, Facebook, Maxads, TreasureData
Language
Liftoff, Mopub, Nexage, Smatoo
AdColony, AppsFlyer, Apptimize, Facebook, Maxads, TreasureData
Activity
App-measurement, Apptimize, Facebook, TreasureData
Pictures
Messages content
Grindr Shares Personal Information Including HIV Status With Apptimize And Localytics
It is unnecessary for Grindr to track its users HIV Status using third-parties services. Moreover, these third-parties are not necessarily certified to host medical data, and Grindr's users may not be aware that they are sharing such data with them.
Grindr Shares Personal Information Without Security
Personal information is shared unencrypted, allowing people, companies, or governments to listen on a network to discover who is using Grindr, where they are precisely located during a day, how do they look, what do they like, what do they browse By sharing such information in an unsafe way, Grindr is exposing its users.
Grindr Contains Trackers
By decompiling the Grindr Android source code, we discovered tracking software. Notably Facebook, Smatoop or Localytics. This is also confirmed by the project Exodus.
Experiment Setup
We installed Grindr on a Samsung Galaxy running Android and on an iPhone running iOS. Two persons created a Grindr profile and started dating for a few minutes.
We analysed the Grindr network traffic by using a man-in-the-middle proxy recording HTTP and HTTPS exchanges, using a setup similar to the one described in the paper "Who knows what about me? A survey of behind the scenes personal data sharing to third parties by mobile apps." (Zang, K., Dummit, J., Graves, P.L. and Latanya, S. - Technology Science (2015)."
We used Wireshark to monitor all TCP/IP traffic, Fiddler to capture HTTP and HTTPS traffic, and APKTool to decompile the Android application.
Continue reading on github.com