According to Grindr, the app is used by millions of people around the world.
The app allows users to give detailed information about themselves, such as age, gender and sexual preferences. They can also specify their HIV status and when they were last tested.
Personal information is sent unencrypted
When reporters at Plus, with the help of Norwegian research institute Sintef, looked at how the app passes on users' personal data, it turned out that Grindr sends sensitive information to companies outside the app completely unencrypted.
This means that someone who uses the same Wi-Fi network and knows what they are doing could easily access some of a Grindr user's personal data, such as sexual preferences, ethnicity and precise GPS position.
Not even your HIV status is protected
Grindr also shares users' HIV status with two companies in the US. This could be classed as sensitive health information.
Within the EU there are rules regulating the treatment of EU citizens' personal data and how it should be protected if it leaves Europe. According to Gro Mette Moen of Norwegian consumer organisation Forbrukerrådet, Grindr does not live up to these standards.
– Sensitive information such as sexual orientation, HIV status and sexual preferences should have a higher level of protection than Grindr offers, she says.
”Grindr is breaking the law”
– Our view is that Grindr is breaking the law. For example, it does not demand enough consent from its users.
Forbrukerrådet is now considering reporting Grindr to the Norwegian Data Protection Authority (Datatillsynet).
Reporters at Plus have shared some of the results of the Sintef report with Grindr. They have also contacted Grindr repeatedly to get a comment, but without results.
Update: After this news was published and widely spread in media outlets throughout the world, and after criticism from its own users on social media, Grindr stated that it will stop sharing the HIV status of its users, as Axios first reported.