
How to see if someone has blocked you on Grindr: App loophole allows users to see all

Nick Duffy March 18, 2018

A massive loophole in Grindr’s code is allowing guys to see exactly who has blocked them on the app.

DC-based developer Trever Faden exposed the massive security flaw in the app – which is already causing confrontations between partners, friends and even relatives.

Faden explained that the app currently attaches an invisible list of restricted profiles to each user’s account, so the app knows not to display guys to someone that has blocked them.

It would usually remain invisible to guys using the app as normal – but with a little effort it’s possible to retrieve the list of user IDs from the code, and find out exactly who has you blocked.
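The design problem described above, sketched as an added example (not Grindr's code or API; every function name, field name and user ID here is hypothetical and the data is constructed): a response that ships the restricted list for the client to apply, beside one that filters on the server, with a regression check that scans a response for the IDs of users who blocked the viewer.

```python
# Constructed sample data: BLOCKS maps a user id to the set of ids that user has blocked.
BLOCKS = {"u2": {"u1"}, "u3": {"u1", "u4"}, "u1": {"u5"}}
PROFILES = {uid: {"id": uid, "name": f"user-{uid}"}
            for uid in ("u1", "u2", "u3", "u4", "u5")}


def blocked_by(viewer):
    """Ids of users who have blocked `viewer` (the data that should stay private)."""
    return {uid for uid, blocked in BLOCKS.items() if viewer in blocked}


def nearby_leaky(viewer):
    """Leaky pattern: send every profile plus a hidden list and let the client filter."""
    others = [p for uid, p in PROFILES.items() if uid != viewer]
    return {"profiles": others, "restricted": sorted(blocked_by(viewer))}


def nearby_filtered(viewer):
    """Hardened pattern: apply blocks in both directions on the server,
    and return only profiles the viewer is allowed to see."""
    hidden = blocked_by(viewer) | BLOCKS.get(viewer, set()) | {viewer}
    return {"profiles": [p for uid, p in PROFILES.items() if uid not in hidden]}


def leaked_blockers(response, viewer):
    """Regression check: walk the whole response and report any blocker id in it."""
    secret, found = blocked_by(viewer), set()

    def walk(node):
        if isinstance(node, dict):
            for value in node.values():
                walk(value)
        elif isinstance(node, (list, tuple, set)):
            for value in node:
                walk(value)
        elif isinstance(node, str) and node in secret:
            found.add(node)

    walk(response)
    return found


if __name__ == "__main__":
    print("leaky:   ", sorted(leaked_blockers(nearby_leaky("u1"), "u1")))
    print("filtered:", sorted(leaked_blockers(nearby_filtered("u1"), "u1")))
```
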


Faden has since built a web tool called ‘C**kblocked’ that lets people sign into their Grindr accounts and see the list for themselves – and it’s already causing controversy.

One Twitter user said that they had discovered their closeted cousin on the list. Awkward.

Speaking to Queerty, Faden said he expected Grindr would close the loophole quickly.

He added: “I assume Grindr will shut it down within a week, or patch the API I’m using so that it no longer displays the data, but I figure in the meantime, it’s interesting data that could spark some silly conversations.

“Luckily, someone finding out that you blocked them on Grindr isn’t a huge security vulnerability, as much as it is an awkward conversation waiting to happen.

“That said, when you block someone on Grindr, you do assume that information will stay somewhat private.

“Sometimes that is unfortunately just an assumption, as we’ve seen with data breaches in the past at companies like Ashley Madison.

“All of this data is safe, until it’s not, which, in my opinion, just means that if you really want to keep a secret–don’t send it through the internet.”

Grindr did not immediately respond to a request for comment.

Former intelligence officials recently raised concerns after Grindr was bought by a Chinese company.

The world’s largest gay hook-up app was fully acquired in January by Chinese tech giant Kunlun Group Limited in a deal that valued the company at $400 million. The company bought out the stake owned by Grindr’s founder and CEO Joel Simkhai.


The new owners have carried out a shake-up at the top of the company, appointing Yahui Zhou as the interim CEO and Wei Zhou as executive vice-chairman and CFO.

But security experts have expressed alarm at the sale – and the potential for Grindr to become an asset of Chinese security services.

Experts on Chinese intelligence have warned the hook-up app could be utilised “as part of intelligence and foreign influence operations in the United States”.

The Washington Post reported that Beijing has been hoovering up data from across the globe “as part of a unique and well-planned effort to build files on foreigners for intelligence purposes” – and Grindr’s new owners open the door to it becoming the latest tool deployed.

Peter Mattis, a former U.S. government intelligence analyst and China fellow at the Jamestown Foundation, told the newspaper: “What you can see from Chinese intelligence practices is a clear effort to collect a lot of personal information on a lot of different people, and to build a database of names that’s potentially useful either for influence or for intelligence.

“Then later, when the party-state comes into contact with someone in the database, there’s now information to be pulled.”

He added that Chinese companies often face pressure to fork over data to the government for “public security” reasons, and that the acquisition of US tech companies opens the door to control by Beijing.

But Grindr marketing exec Peter Sloterdyk said that the company employs state-of-the-art technology to protect user data, and that it remains a US company subject to the laws of the United States.
