Location leaks pose risk to users of gay dating apps

In 2016, Nguyen Phong Hoang, a security researcher in Kyoto, Japan demonstrated that the location of  users of gay dating apps such as Grindr, Hornet, and Jack'd can be pinpointed even when they have turned on features intended to obscure it - a dangerous problem for those have not come out publicly as LGBT or who live in a hostile location. The technique is known as trilateration and relies on the fact that these apps display images of nearby users in order of proximity. That ordering allows someone who creates two accounts to spoof their own location and adjust it to form a narrow band within which the target individual can be located. Overlapping three of these bands enables the attacker to locate the target to within a few feet. Other flaws in these apps include the failure to encrypt data that reveals the user is running the app, an issue on wifi networks and failure to encrypt photos in transmission between phones (Grindr). The same flaws are likely to apply to any app that lists users in order of proximity; however, gay dating apps are a particular concern because of the vulnerability of the LGBT population to surveillance and physical attack.

https://www.wired.com/2016/05/grindr-promises-privacy-still-leaks-exact-location/

Writer: Andy Greenberg
Publication: Wired