If you’re one of those people who’s a bit unnerved by your phone’s apps tracking your every move, I have some bad news—it turns out dating apps are just as guilty as the rest of them. But unlike other apps, they also know what makes you horny.
This update from the depths of surveillance capitalism comes courtesy of a bombshell report dropped today by the Oslo-based watchdogs of the Norwegian Consumer Council. The report—which detailed the data-mining behaviours of ten popular apps, including Tinder, Grindr, and OkCupid—found that intel about app users was shuffled through more than one hundred collective third parties, which ranged from household names like Facebook and Google to lesser-known players in the adtech world, like OpenX, MoPub, and AppNexus. Though the apps involved in the study were Android-based, each is available for iPhone users, as well.
With the report rollout, the Norwegian Consumer Council also announced that they’d be filing “formal complaints” against Grindr and five of the third parties that plugged into its user data for breaches under the General Data Protection Regulation, or GDPR. Considering the hefty fines other companies have faced for their own GDPR violations, it’s possible that Grindr might soon face the same fate.
Like virtually all data collection, this instance was fuelled by a desire to serve targeted ads more effectively. “Many actors in the online advertising industry collect information about us from a variety of places, including web browsing, connected devices, and social media,” the Council outlined in an announcement about their research. And while this information might be used for targeting first and foremost, the Council warned that by “revealing what we do in our daily lives, our secret desires, and our most vulnerable moments,” these apps open the door to discrimination and exploitation.
Take, Grindr, for example. According to the nearly 100-page document outlining the report’s methodology, the group found data being funneled to more than 50 outside partners, with more than 30 of those partners related to advertising in some way.
Or, in other words, the majority of these partners aren’t really nefarious per se—they’re just onboarded in the name of getting Grindr paid. And to get paid, they’re hoovering buckets of data—not only about the app but about the person using the app, as well.
If “data” sounds like an amorphous phrase—you’re in luck, because the Norwegian researchers outlined exactly what kind of data’s being mined in each case. For instance, in Grindr, the team found that a user’s device identifiers, age, gender, latitude, and longitude were all pinpointed with the help of a number of advertising partners. Not only that but in the case of one particular partner, Braze, even the type of relationship a Grindr user was looking for ended up being shared:
The “looking_for” parameter in Braze data corresponds to the categories chosen by the user in the app:
7. Right now
Even then, as the researchers note, the data-sharing process is “highly opaque” and takes more than a little technical know-how to understand—and that’s assuming you’re already privy to the various actors in the data-sharing chain of command.
Meanwhile, that uber-opaque process is uber-valuable. Gleaning insight into who’s downloading apps like Grindr, where they live, and what they’re, specifically using the app for, is a one-way-ticket into the wallets of the queer community—which, by recent estimates, is roughly worth a whopping $US3.7 ($5) trillion in purchasing power. And that data only becomes more valuable when it’s cross-referenced by other identifiers that other apps might share. As the researchers point out:
That someone uses both Grindr, Tinder, and OkCupid, combined with their respective usage patterns (and changes in usage patterns over time), together with the other application data that is being transmitted, gives a pretty good indication of relationship status, sexual preferences, as well as dating activity.
Meanwhile, identifiers tied to these particular apps can be overlaid with mobile ad ID’s that are unique to a particular phone, or the IP address of a particular person to form a complete profile of a particular app-user across every device they own.
While this data might be ostensibly used for the relatively benign task of… programmatic ad targeting, the opacity of the data-trading supply chain makes it nigh impossible to definitively say for sure that this data avoids the wrong hands. (Until the devastating data breach report comes in, of course.) And when that data concerns something as personal—and private—as sexual orientation, that line of thinking can spiral pretty quickly.