Grindr, Romeo and Recon exposes location data

Cyber-security researchers found that gay dating apps are revealing the precise locations of its users.

The problem with most popular gay dating apps is that they are based on smartphone location data. Many show how far an individual is and what their exact location is. Researcher from Pen Test Partners developed a tool that was able to do it, and fake its location.

The researchers identified that Grindr, Recon and Romeo did not secure their application programming interface correctly. 

By exposing users’ location data, it puts them at risk from stalkers, criminals and others. 

“Protecting individual data and privacy is hugely important, especially for LGBT people worldwide who face discrimination, even persecution, if they are open about their identity,” said LGBT rights charity Stonewall.

Grindr, Recon and Romeo were alerted about the researchers findings, and since then Recon has amended its apps to “obscure” its users location, stating:

“We realise that the risk to our members’ privacy associated with accurate distance calculations is too high and have therefore implemented the snap-to-grid method to protect the privacy of our members’ location information.”

Grindr had commented that its app provides its users with an option to hide their distance information, and added that it actively obfuscated location data “in countries where it is dangers or illegal to be a member of the LGBTQ+ community”. 

The dating app Romeo have not commented on the research findings. 

On Thursday, Pen Test Partners also revealed that the group dating app 3fun had exposed the location data of more than 1.5 million users, as well as other personal data. 

Researchers discovered that they were able to plug in any coordinates they wanted to spoof – which subsequently revealed sensitive data on anyone within any location they choose. 

The researchers described the app as a “privacy train wreck.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/