The past willingness of Grindr to share sensitive data may have been more problematic than thought. The Wall Street Journal understands precise Grindr user location data was collected from the online ad network MoPub and put on sale through its partner company, UMMedia. When the LGBTQ dating app limited location data collection in early 2020, there was a chance that legacy information might still be available.
An anonymous former senior employee told the Journal that Grindr initially didn't believe sharing location data with marketers posed privacy issues. The company was told by ad execs that real-time bidding was changing the industry.
The Journal was told that the 2020 policy change meant it shared less data with advertisers than any of the big tech platforms and most dating app rivals. The current owner Near said "thousands of entities" have access to data shared in the real-time bidding system. Concerns that location data without personal information could help trace individuals were challenged.
Near's claim isn't necessarily true. A senior church official was ousted after The Pillar used sold Grindr data to track usage. There are fears that countries with anti-LGBTQ laws could use Grindr locations to arrest the app's users during the Beijing Winter Olympics to prevent this kind of abuse with athletes. The US forced Kunlun, the Chinese owner of the company, to sell it because they were worried that the Chinese government might misuse personal info for American citizens.
The company's practices were also under scrutiny. Kunlun's Chinese engineers had access to a database of sensitive info for months, and it was reported that it shared HIV statuses with app optimization firms. Security was an issue. One vulnerability allowed an outside app to collect exact locations, while another allowed someone to hijack accounts using only an email address. Grindr was not as aware of its data handling as it appears to be now.