Users of hookup apps Grindr and Jack’d are being advised to be wary as major security flaws have been exposed.
Gay Star News reports that the apps both have “major flaws” that could allow hackers to steal users personal data, including your location.
Jason Chao, a postgraduate student, has shared with Gay Star News his study that exposes how the apps have “major privacy weaknesses”.
He says the apps are not encrypting data sent to third-party advertisers, allowing anyone to intercept the data transfer.
The outlet says this may pose a risk for people using the apps in countries where it is illegal to be gay as hackers could find the location of people in their area who are gay or bisexual. In LGBT+ friendly countries, people who are not out could also be at risk of being outed.
“It surprised me. Vulnerable people who aren’t out use Grindr and Jack’d. The developers should be assessing the apps’ security all around,” he says.
“I am not the first one to discover Grindr and Jack’d being leaky. Researchers at a Japanese university were the first ones to point out the issue of both apps sending unencrypted data to third-party advertisers. However, they only saw evidence of device models and carrier names being susceptible to hackers. But in my study, I also found personal data is accessible too.
His advice to anyone using the apps: “For the time being, using VPN can protect yourself from the leakage of unencrypted data from Grindr and Jack’d.”