A postgraduate student is making noise with new research about dating/hookup apps Grindr and Jack’d failing to protect its users from hacks that could cause them to be outed due to security flaws.
Jason Chao argues that the apps are not encrypting data sent to third party advertisers, meaning it is possible for others to get your personal information, including location. This could enable others to find out who is a member of the LGBTQ community, and that could result in someone being outed to friends, family members, at work, or elsewhere.
That danger is especially disconcerting in areas where it is illegal to engage in gay sex.
“It surprised me,” Chao told Gay Star News. “Vulnerable people who aren’t out use Grindr and Jack’d. The developers should be assessing the apps’s security all around.”
“I am not the first one to discover Grindr and Jack’d being leaky,” he said. “Researchers at a Japanese university were the first ones to point out the issue of both apps sending unencrypted data to third-party advertisers. However, they only saw evidence of device models and carrier names being susceptible to hackers. But in my study, I also found personal data is accessible too.”
Grindr was sold to a Chinese company called the Kunlun Group earlier this year, for a reported $250 million. There have been concerns over the purchase, due to the country’s history of spying on American citizens.
How to avoid being hacked
“For the time being, using VPN [virtual private network] can protect yourself from the leakage of unencrypted data from Grindr and Jack’d,” Chao advised.
Still, he stresses that it is not reasonable to expect users to take on that added responsibility when the companies should be doing it themselves.
“It’s the job of the developers of Grindr and Jack’d to correct this,” he said.
Chao has also released a video to explain the issue that follows.
Grindr and Jack’d did not immediately respond to request for comment from Gay Star News.