Dating apps like Grinder, Tinder, OkCupid found sharing user data for targeted ads, profiling
A new study reveals ten popular apps like Grindr, Tinder, OkCupid and My days have been sharing user data with adtech companies and third parties.
Facebook's Cambridge Analytica brought to light the importance of user data and how we share them with tech companies. Even so, there are still reports of some companies sharing user data without the user's consent. A new study published by The Norwegian Consumer Council reveals how ten popular apps have been sharing user data for targeted advertising without the knowledge of the user and on loosely based consent terms.
Security researchers at Mnemonic conducted a technical analysis of the data traffic from these ten apps - Clue, Grindr, Happn, Muslim: Qibla Finder, My days, My Talking Tom 2, OkCupid, Perfect365, Tinder and Wave Keyboard. The study, first reported by The New York Times, found that user data from these apps were shared with at least 135 advertising and behavioural profiling third parties. The data collected by these companies can be used for targeted advertising and profiling based on the gender, sexual orientation and even religious beliefs.
Popular gay dating app Grindr was found sharing user data like IP address, GPS location, age and gender with Twitter's adtech subsidiary MoPub which further sends data to other adtech companies like AppNexus and OpenX. The more worrying part is that these third parties have rights to distribute the data "with a very large number of partners". Twitter has since removed Grindr from MoPub and said it would investigate how the dating app received user consent on sharing data. Interestingly, the study holds Twitter's MoPub responsible for being the mediator in transmitting data to third parties which show targeted ads on the platform.
OkCupid which is owned by Match Group, shared personal data including users' sexuality, political views and even drug use with the analytics company Braze. Its sibling app Tinder was found sending GPS position and "target gender" to app analytics companies AppsFlyer and LeanPlum.
Makeup app Perfect365 shared the user data with third parties who are involved in "collecting, using and selling location data for various commercial purposes". Period tracking app MyDays was also found sharing data like the user's GPS location with third parties which use behavioural advertising and profiling as well.
The study also highlights how these companies allege that the data being collected is legal and with user consent. The problem however is that there is no clear and concise of method of what data the user is consenting to and how it will be used. The legal bases claimed by the companies are also difficult to understand. As for the third parties, these companies rely on the contractual terms which include the user consent from the app providers.
In response to the study findings (via Engadget) Match Group said the company respects privacy laws and that there are contracts in place for user data security. Braze also responded saying that the company gives "customers total and absolute control over what data they share with Braze".
It's alarming to see how companies are still collecting user data and on their own claims of consent and legal bases. The string of third party involvement with user data is another major concern.