Grindr Dating App Deemed Security Risk

Written by

An LGBTQ dating app, Grindr, has come under fire after Reuters reported that the Committee on Foreign Investment in the United States (CFIUS) told the app's China-based parent company that its ownership posed a national security risk.

Now, the Chinese gaming company, Beijing Kunlun Tech Co Ltd, is reportedly looking to sell Grindr LLC, which it has owned since 2016.

Though CFIUS has not responded to request for comment, Grindr has been under scrutiny for some time now. In 2018, Sens. Edward Markey and Richard Blumenthal wrote to Grindr's then interim CEO to inquire about its policies for protecting the sensitive information of its users after a press report claimed that the company had shared sensitive information of the app users without their consent.

"The data includes personally identifiable and sensitive user information such as HIV status, email address, telephone number, precise geolocation, sexuality, relationship status, ethnicity and 'last HIV tested date,'" the letter stated.

The security vulnerabilities in the app won’t be remediated by Kunlun's selling Grindr, but it will transfer ownership from a Chinese company, which is reportedly among the undisclosed reasons why CFIUS deemed it a national security risk, according to Reuters.

Though CFIUS is supposed to be involved in the review process of American companies going through foreign mergers and acquisitions, Kunlun twice bypassed the agency during the acquisition process in both 2016 and 2018.

"The issue is not one of internal company policy, but instead one of jurisdictions. Companies must abide by the laws and regulations of the country in which they are headquartered, in addition to the laws and regulations of the country in which their data is stored. Should one country have looser or less rigorous standards for privacy or security, those are the standards which de-facto will be applied," said Eric Silverberg, CEO of SCRUFF.

"All apps should be open and transparent with their users about where their data is stored, the jurisdictions within which they fall, and the third parties with whom their data is shared."

What’s hot on Infosecurity Magazine?