Safety apps for dating - phrase
Dating apps like Grindr could pose a national security risk, experts warn
It is the hope of some dating app users that the connections they form online will last a lifetime.
But while apps such as Grindr, Tinder, Hinge and The League make no promises of endless love, U.S. national security officials warn users there is one thing that really may last forever: their data.
"I think most American, most people, don't realize how much data your phone is generating about you and your life every single day," said John Demers, assistant attorney general for national security at the Department of Justice.
When NBC News showed Demers the kind of data collected by dating apps — everything from drug use to preferred sexual position — he said he feared that the information could be weaponized by individuals and even foreign intelligence agencies.
"There's a lot of information there in the app that you're voluntarily turning over," he said. "Some of it you know you're doing, some of it maybe you don't realize."
Demers said an individual's personal information on a dating app is the type of data a foreign intelligence service "would want to paint a picture of your life."
"If I'm starting a lure operation, for instance," he said, "I can find the kind of person I think that you will like and I will have them approach you." He added that an app user could even be approached with threats of blackmail.
The Justice Department declined to discuss any specific apps. It has, however, expressed concerns about Chinese-owned apps.
The popular dating app Grindr, which advertises itself as the "largest social networking app for gay, bi, trans and queer people," is owned by the Chinese gaming company Kunlun Tech. Foreign ownership matters when it comes to the type of information that may wind up in government hands.
"Chinese law requires a Chinese company to share any information that it has with the Chinese government if it's asked for that information for national security reasons," Demers said. "The other thing we know is that China is a top-down authoritarian country. So law or no law, if your future livelihood as a business depends on the government's happiness with the way you behave, you're gonna turn over that information."
Grindr's privacy policy says it "cannot guarantee the security of your personal data."
But Grindr is hardly an outlier when it comes to collecting and storing highly personal information on its users.
NBC News analyzed four popular dating apps, including Tinder, Hinge, Grindr and The League, and found that each collect a range of personal information.
Grindr collects such data as preferred sexual positions, HIV status, old profile pictures, race, exact location and times of day the app is accessed.
Tinder collects sexual preference, messages, the user's phone number, exact location, sent messages, job and Spotify playlists.
Hinge collects sexual preference, messages, exact location, messages, race and drug use.
The League collects sexual preference, exact location, race and job.
Bernardo Crastes, 24, an IT consultant who used Grindr and Tinder while living in Portugal, let NBC News access his data. Within a day, NBC News was able to generate a "profile" on Crastes that included knowledge about his musical preferences, how often and when he opened the apps, his personal pictures and sexual preference.
"It's strange to hear it outside of the app, but it's not something that I would mind sharing with other people," he said when presented with the findings. "But I would like to have that [information] under my control basically."
Hinge user Victoria Eberlein, an American who recently moved to London to become a lawyer, also allowed NBC News to access her data. European laws require dating apps to turn over requested data. Eberlein learned she had generated nearly 250 pages of information in less than six months. Among the information provided were what she described as "love letters to someone who probably didn't work out," sent within the app.
"That can be something that is intimate and private," the 24-year-old law student said. "And so, yeah, you'd hope that your messages are between just you and the other person, you know"
But even with Europe's laws, getting hold of one's personal information can sometimes be a challenge. Crastes said that getting his data from Grindr took several weeks and that the company initially failed to provide a complete set of data.
The popular dating app Bumble, which markets itself as letting women "make the first move," told Eberlein it couldn't find her account, then seemed to indicate it had found the account but declined to provide data. It told Eberlein, "Bumble is a US company and there are currently no requirements under US law for us to provide this information to you."
A law professor specializing in data protection law told NBC News Bumble was entering "shaky territory" in declining to provide the data.
Another European user of Grindr who spoke to NBC News said he had to pass several obstacles to gain access to his personal information, such as sending over a "high-resolution copy of a government-issued ID or passport" and a "clear photo" of himself holding a piece of paper with his email address.
"It should belong to us, to the people involved in it, the people who are sharing their personal data," Crastes said. "They should be the ones to decide what they want to do with it."
'Suspicious foreign connections'
The Department of Defense last month recommended to the branches of the U.S. military that they ban TikTok, a popular video app made by Bytedance, a Chinese company, from being installed on government-issued phones, saying it posed a security risk. The Army, Navy, Air Force and Coast Guard all followed the guidance.
But the Pentagon has not issued a similar warning about Grindr. The Committee on Foreign Investment in the United States, an inter-agency government body, has raised concerns about its ownership and the risk it poses to national security, according to a Reuters story in March.
The Pentagon referred NBC News' inquiry to each branch of the military. The Army said soldiers are prohibited from having personal apps on government-issued phones and, for apps on personal devices, are recommended "to research the company history, including ownership, for any potentially suspicious foreign connections the company may have."
"The Army continually reminds soldiers and family members of operational security and the risk of revealing personally identifiable information," a spokeswoman said.
The Coast Guard issued a statement that did not address the question about Grindr. The Navy and the Air Force did not respond to requests for comment.
Reuters also reported that Kunlun Tech had agreed to sell Grindr. NBC News asked Kunlun for confirmation but did not receive a response.
NBC News sent Grindr several questions on where it stores its users' data, its Kunlun ownership and whether the app has shared any information with any Chinese government agency.
A Grindr spokesperson declined to comment on specific questions, but said that the "privacy and security" of its "users' personal data is and always will be a core value for Grindr."
"Grindr utilizes the privacy by design framework, and our privacy policy details how Grindr uses the data that it receives and the options available to users. These, along with other safeguards, help our users safely and securely connect and thrive, and demonstrate our respect for user privacy," the statement emailed to NBC News read.
While experts say that little can be done to stop the information-gathering process within dating apps, states like California have made an effort to allow consumers to track what type of information is being collected on them. In 2018, then-California Gov. Jerry Brown signed into law a bill requiring that companies hand over personal data it collects on customers who request it, as well as disclose the categories of third parties with whom they are sharing the information.
The effects of this law have yet to be seen as it barely came into effect earlier this month.
The international community is also keeping an eye on the information being shared on dating apps.
On Thursday, the Norwegian Consumer Council released a report accusing dating apps of sharing detailed user data with advertising firms and in the process, potentially violating European data protection regulations.
"The collection of data across services and devices allows many of these companies [third party vendors] to construct intricate profiles about individual consumers, which can be used to target, discriminate and manipulate people" the report read. "All of this depends on a complex industry of actors that operate outside of the public consciousness, and happens on a questionable legal basis."
CORRECTION (Jan. 15, 2020, 10 a.m. ET): An earlier version of this article misstated Tinder’s data collection policy with regard to race. The company does not collect racial data, and the reference to race has been removed from the article.
Conor Ferguson is a consumer investigative producer with the NBC News Investigative Unit.
Andrew W. Lehren is a senior editor with the NBC News Investigative Unit.
Keir Simmons is a London-based foreign correspondent for NBC News.
Didi Martinez is an associate producer with the NBC News Investigative Unit.
-
-
-