For over a year now, gay hook up app Grindr has had a serious security flaw which allows users to be tracked very closely, and Grindr's response has been tepid at best. Some countries were only blocked after the security flaw was discovered and some reported that Grindr was being used for tracking by Egyptian police and at the Russian Olympics in Sochi.
From a technical standpoint, finding someone's precise location from their Grindr profile is deceptively easy. Based on your current location, Grindr tells you the location of other users in the area, with a level of precision down to the meter. On its own, that's not exactly useful: if you're in a city, there's quite a lot of people within 6452 yards of you.
The problem with Grindr, however, is that through some incredibly basic spoofing (it doesn't even warrant being called a 'hack'), users can trick Grindr into thinking they're somewhere that they're not. If someone does this a few times in quick succession, they'll get the distance of each individual user from three different points. The result, as you can see from the high-school geometry below, is that individual Grindr users can be very precisely located:
It should be clear, then, that is is a fairly major security flaw that should have Grindr's executive team running worried. Except that doesn't appear to be happening. Grindr has been contacted by various media outlets, but they reportedly refused to make any additional comments outside of blog posts on their website here and here, and when we asked our contact at the app for a comment about the privacy issues, we received a rather dull and meaningless piece of PR spin that "may be attributed to Grindr."
We are continuing to evaluate user feedback on this core functionality of the application. We will continue to evolve and improve the operation of the application based on considerations of security and functionality and provide our users the tools and information they need to make informed decisions about the use of the Grindr application. Grindr encourages any user who has a concern about his location privacy to disable the sharing of his distance in Grindr settings.
That's a cop out, because not only are those blog posts four months old, but the security researcher that found the flaw did so in March of last year, and to date, Grindr hasn't addressed the problem. Grindr has disabled location sharing for countries they deem to have "a history of violence against the gay community," including Russia, Egypt and Iran, and loads of other places with anti-gay laws. Whilst that's certainly a step in the right direction, it's a poor Band-Aid on a problem that never should have existed, as it really doesn't even solve the issue at hand, according to Ars Technica.
The changes did nothing to prevent the Synack researchers from setting up a free account and tracking the detailed movements of several fellow users who volunteered to participate in the experiment.
Colby Moore, the researcher who uncovered the initial flaw, provided a list of simple behind-the-scenes fixes that Grindr could make, which would make precise location tracking like this impossible. Preventing numerous, fast location changes (like jumping from the US to Egypt and back in seconds) would be one of them.
The biggest thing is don't allow vast distance changes repeatedly. If I say I'm five miles here, five miles there within a matter of 10 seconds, you know something is false. There are a lot of things you can do that are easy on the backside.
Adding 'rounding error' into the location, so that not even Grindr's servers know the actual location of users, would be even better:
You just introduce some rounding error into a lot of these things. A user will report their coordinates, and on the backend side Grindr can introduce a slight falsehood into the reading.
But as it currently stands, anyone with the ability to Google (and a teaspoon of computing nous) is able to track Grindr users in the US (and almost any other country in the world). The privacy and personal security implications should be obvious, and terrifying — everything from physical harm downwards is made exponentially easy when you have a map telling you the location of gay men in real time.
What makes this even more insidious is that many users don't even realise how deep the exploit exposes them. There are some gay men who believe that disabling location on their phone will prevent the exploit from working: it doesn't. It may hide it from being seen by the Grindr user, but it doesn't stop others from accessing the data, and users like Matt Midgett in Japan (a very safe country for LGBT folks, or for anyone, in general) are unaware of it.
The location tracking isn't really that reliable, even if they're using those numbers, that's a setting that you can hide so it isn't displayed, and it only updates when I'm on Grindr, which means I'm aware of when it's tracking me and usually I'm in a situation where I more or less don't mind.
Except, of course, it is that reliable. It just may not appear to be that reliable. And even in countries where, overall, the population is tolerant of the gay community, there are always exceptions. Some are violent bigots, some are criminals, and some are mentally ill. Reports here on ROYGBIV show the frequency of attacks on LGBT individuals. Some of them end in murder. And these occur in the countries Grindr hasn't sought to block: including Japan and the United States.
In fairness to Grindr, there will always be privacy issues with apps that share user locations with other users. As Moore said, "If an app shares *any* information about your location (whether it's relative distance, coordinates, estimation of location, etc.), there is always a way to locate someone. The only variable is to what precision and with what speed."
What makes Grindr's flaw so bad is the simplicity — it's the tech equivalent to leaving your keys on the front tire and hoping no-one bothers to look — combined with the lack of action. Rather than rushing to address a crucial security flaw, one that help paint a literal target on members of an at-risk community, Grindr has continued to rely on bad patches and PR spin.
Top art by Kat Callahan, Chris Mills, and Vdovichenko Denis/Shutterstock. Tracking Image by Chris Mills.