Dating apps like Grindr could pose a national security risk, experts warn

It is the hope of some dating app users that the connections they form online will last a lifetime.

But while apps such as Grindr, Tinder, Hinge and The League make no promises of endless love, U.S. national security officials warn users there is one thing that really may last forever: their data.

“I think most American, most people, don’t realize how much data your phone is generating about you and your life every single day,” said John Demers, assistant attorney general for national security at the Department of Justice.

Demers the kind of data collected by dating apps — everything from drug use to preferred sexual position — he said he feared that the information could be weaponized by individuals and even foreign intelligence agencies.

“There’s a lot of information there in the app that you’re voluntarily turning over,” he said. “Some of it you know you’re doing, some of it maybe you don’t realize.”

Demers said an individual’s personal information on a dating app is the type of data a foreign intelligence service “would want to paint a picture of your life.”

“If I’m starting a lure operation, for instance,” he said, “I can find the kind of person I think that you will like and I will have them approach you.” He added that an app user could even be approached with threats of blackmail.

The Justice Department declined to discuss any specific apps. It has, however, expressed concerns about Chinese-owned apps.

The popular dating app Grindr, which advertises itself as the “largest social networking app for gay, bi, trans and queer people,” is owned by the Chinese gaming company Kunlun Tech. Foreign ownership matters when it comes to the type of information that may wind up in government hands.

“Chinese law requires a Chinese company to share any information that it has with the Chinese government if it’s asked for that information for national security reasons,” Demers said. “The other thing we know is that China is a top-down authoritarian country. So law or no law, if your future livelihood as a business depends on the government’s happiness with the way you behave, you’re gonna turn over that information.”

Grindr’s privacy policy says it “cannot guarantee the security of your personal data.”

But Grindr is hardly an outlier when it comes to collecting and storing highly personal information on its users.

We analyzed four popular dating apps, including Tinder, Hinge, Grindr and The League, and found that each collect a range of personal information.

Grindr collects such data as preferred sexual positions, HIV status, old profile pictures, race, exact location and times of day the app is accessed.

Tinder collects sexual preference, messages, the user’s phone number, exact location, sent messages, job and Spotify playlists.

Hinge collects sexual preference, messages, exact location, messages, race and drug use.

The League collects sexual preference, exact location, race and job.

Bernardo Crastes, 24, an IT consultant who used Grindr and Tinder while living in Portugal. Within a day, we was able to generate a “profile” on Crastes that included knowledge about his musical preferences, how often and when he opened the apps, his personal pictures and sexual preference.

“It’s strange to hear it outside of the app, but it’s not something that I would mind sharing with other people,” he said when presented with the findings. “But I would like to have that [information] under my control basically.”

Hinge user Victoria Eberlein, an American who recently moved to London to become a lawyer. European laws require dating apps to turn over requested data. Eberlein learned she had generated nearly 250 pages of information in less than six months. Among the information provided were what she described as “love letters to someone who probably didn’t work out,” sent within the app.

“That can be something that is intimate and private,” the 24-year-old law student said. “And so, yeah, you’d hope that your messages are between just you and the other person, you know”

But even with Europe’s laws, getting hold of one’s personal information can sometimes be a challenge. Crastes said that getting his data from Grindr took several weeks and that the company initially failed to provide a complete set of data.

The popular dating app Bumble, which markets itself as letting women “make the first move,” told Eberlein it couldn’t find her account, then seemed to indicate it had found the account but declined to provide data. It told Eberlein, “Bumble is a US company and there are currently no requirements under US law for us to provide this information to you.”

A law professor specializing in data protection law told Bumble was entering “shaky territory” in declining to provide the data.

Another European user of Grindr who spoke said he had to pass several obstacles to gain access to his personal information, such as sending over a “high-resolution copy of a government-issued ID or passport” and a “clear photo” of himself holding a piece of paper with his email address.

“It should belong to us, to the people involved in it, the people who are sharing their personal data,” Crastes said. “They should be the ones to decide what they want to do with it.”