1. Home
  2. News
  3. Cybersecurity News

Popular dating apps are sharing their users’ most sensitive data, study finds

A consumer group says that users’ personal information is being shared between many different platforms

Photo (c) oatawa - Getty Images
Some bad juju has taken hold of three of the most popular dating apps -- Grindr, OKCupid, and Tinder, the last of which has nearly 8 million users in the U.S. 

Those developers have been called out by the Norwegian Consumer Council in a new report claiming that the app makers make it possible for “actors” (meaning digital marketers and adtech providers) to take in all the personal user information they can lay hands on to use to personalize and target ads. Perhaps even worse is the claim that a user’s private data might also be used for other purposes, such as discrimination, manipulation, and exploitation.

Key findings

The technical tests uncovered several significant privacy breaches. Some of the key findings include the following: 

  • A total of 10 apps scrutinized were proven to transmit user data to more than 130 different third party firms that deal in advertising and/or behavioral profiling. Besides the dating apps, Muslim Quibla Finder -- an Islamic app that lists prayer times among other features -- as well as Virtual Makeup and mentrual period trackers My Days and Clue were also tested and found to share user data, albeit at a much lower level than the dating apps.

  • The data that was shared included both the IP address and GPS location of the user and personal attributes such as gender and age, and other activities the user may have placed in their profile.

  • Twitter’s adtech subsidiary MoPub -- which had been down this bad stretch of road before -- was used as a mediator for a lot of the data sharing and was spotted handing off personal data to some digital advertising third parties.

  • The dating app OkCupid went even further, sharing extremely personal data about sexuality, drug use, and political views with Braze, Inc., a customer relationship management and mobile marketing automation software developer. Braze counts among its users some pretty heavy players -- like Microsoft, NASCAR, ABC News, and Citi. The company claims to send out “tens of billions of messages per month to over 1 billion monthly active users” on its clients’ behalf. However, in contrast to the report’s claims, Braze’s privacy policy says in black and white that users are pretty much giving it carte blanche use of their data. 

  • Google’s ad service DoubleClick was receiving data from eight apps, and Facebook was receiving data from nine apps.

The conclusion

“With how the ad tech industry works today, personal data is being broadcast and spread with few restraints,” concluded the report. 

“The multitude of violations of fundamental rights are happening at a rate of billions of times per second, all in the name of profiling and targeting advertising. It is time for a serious debate about whether the surveillance-driven advertising systems that have taken over the internet, and which are economic drivers of misinformation online, is a fair trade-off for the possibility of showing slightly more relevant ads.”

Take an Identity Theft Quiz. Get matched with an Authorized Partner.