It has been one month since the Grindr location issue became public, and for two weeks it has been known that gay dating apps are used by the police in Egypt to hunt gays.
Today I checked the 20 most popular gay dating apps on Android, and it seems that nobody except Grindr has changed their system.
Very few apps protect their users in countries with anti-gay laws. A majority of the users can be located.
app | register to use | captcha | email-verification | distance-information | lat/lon-information | option to hide distance | locating | SSL | unencrypted geo-ads | notes | analysis | statement |
---|---|---|---|---|---|---|---|---|---|---|---|---|
* | (yes, except pictures) | *hides distance-information in several countries with anti-gay law | visualthreat | Grindr’s Location Security Update | ||||||||
- | - | visualthreat | Privacy, Security and GPS-Based Apps: An Inside Look From SCRUFF | |||||||||
- | (yes, except pictures) | - | visualthreat, Andrubis | - | ||||||||
- | * | (yes, except pictures) | *adds some meters to distance to reduce accuracy | visualthreat | - | |||||||
- | (no, except chat) | - | visualthreat | - | ||||||||
- | (no, except profilesettings) | guys are shown inside the app on a map, too. they should be aware of the issue. | visualthreat, Andrubis | - | ||||||||
- | - | (no, except profilesettings) | - | visualthreat | - | |||||||
* | uses SSL-pinning, warns on MITM-attacks, accuracy down to 100m | visualthreat | - | |||||||||
- | (yes, except pictures) | - | visualthreat, Andrubis | - | ||||||||
- | - | visualthreat, Andrubis | - | |||||||||
- | ? | - | visualthreat | - | ||||||||
- | - | visualthreat | - | |||||||||
- | - | visualthreat | - | |||||||||
- | (yes, except pictures) | guys are shown inside the app on a map, too. they should be aware of the issue. | visualthreat | - | ||||||||
- | - | * | guys are shown inside the app on a map, too. they should be aware of the issue. Accuracy reduced until opt-out, map available via www+anonymous | visualthreat | - | |||||||
- | - | - | visualthreat, Andrubis | - | ||||||||
- | - | no geodatingapp | visualthreat | - | ||||||||
- | (yes, except pictures) | - | visualthreat | - | ||||||||
very few users | visualthreat | - | ||||||||||
Feel free to contact me via Twitter (@GrindrMap) if information is missing or outdated.
Some notes for the app vendors:
Locating users in countries with anti-gay laws is a serious issue. It is definitely not enough to provide an option to turn the location information off.
Most users are not aware that they can be located. Information in English does not reach the guys who face the penalties.
Use geofencing to disable distance information in countries with anti-gay laws, for all users.
You may think of blurring pictures if you serve them to non-registered users.
If you are providing distance-information only:
- disable it for non-registered users.
- add some random extra meters to the distance to make trilateration less accurate.
- reduce accuracy down to 100 or 500m or change it depending on how many guys are around.
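
A server-side sketch of the measures listed above (geofencing, no distance for non-registered users, extra meters, reduced accuracy). This is an added example, not code from any of the apps; the country list, key, noise bound, thresholds and field names are assumptions, and the server is assumed to have already mapped each position to a country code.

```python
import hashlib
import hmac
import math

# Assumptions of this example (not taken from any app's code base):
HIDDEN_COUNTRIES = {"EG"}          # constructed geofence list, ISO 3166-1 alpha-2
NOISE_KEY = b"server-side-secret"  # placeholder key, kept on the server only
MAX_NOISE_M = 300                  # upper bound for the extra meters


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in meters."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def bucket_size_m(nearby_users):
    """Coarser buckets where few users are around (threshold is an assumption)."""
    return 100 if nearby_users >= 50 else 500


def extra_meters(viewer_id, target_id):
    """Keyed per-pair offset: the same pair always gets the same extra meters,
    so repeating a request returns the same value instead of a fresh sample."""
    msg = f"{viewer_id}:{target_id}".encode()
    digest = hmac.new(NOISE_KEY, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") % (MAX_NOISE_M + 1)


def reported_distance(viewer, target, nearby_users):
    """Return the distance in meters to send to the client, or None to omit it."""
    if not viewer["registered"]:
        return None                                  # nothing for anonymous clients
    if viewer["country"] in HIDDEN_COUNTRIES or target["country"] in HIDDEN_COUNTRIES:
        return None                                  # geofenced for all users
    d = haversine_m(viewer["lat"], viewer["lon"], target["lat"], target["lon"])
    d += extra_meters(viewer["id"], target["id"])    # only ever adds distance
    step = bucket_size_m(nearby_users)
    return int(math.ceil(d / step) * step)           # round up to the bucket
```

The rounding and the offset are applied on the server before the response is built, so the exact distance never leaves it.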
If you are providing latitude/longitude-information:
Please shut down your servers and try your hand at another business. You're a major threat to the community.
Several apps provide the exact birthdate of users via API. Users are not aware of this and think they just gave it for the age-check during registration.
All apps with geo-based ads send the user's lat/lon information as plaintext via HTTP to their ad partners. SSL is important here too.
Please have a look at the Google Play Developer Program Policies. Some of these apps are violating them.
Several apps still use MD5 to hash the user's password...
17th September 2014