Photos on the gay dating app Grindr are by no means private

Using network interception or just traffic logging, an attacker, state, or your employer can look over your shoulder at the images that pop up inside the popular “nearby gay man finder” app. The profile photos on the gay dating app reveal more data than one might think.

Grindr’s “masked man” app icon

Grindr presents the nearby users who have the app open at the same time as a grid of profile photos. These profile images are requested from Grindr’s server in order of proximity to the user. As the local user is always the nearest, the user’s own profile photo is always downloaded first when the app launches, revealing the user’s face and appearance; it is immediately followed by the picture of every other user who has the app open at the same time in the local area. As the order of the requested images implies distance, it is even theoretically possible to triangulate the user’s rough physical location if you know where one or more of the other men are physically located. (All of this is of course more easily accomplished by simply registering an account with the app and opening it like a normal user.)

On a small scale, like a corporate, café, or airport network, this can be used to reveal any gay man nearby. On a wider scale, like say for example a nation state that is unfriendly to gay individuals like Russia or Egypt — who to varying degrees also have state‐run Internet service provider monopolies — this can be used to profile and identify every user of the app. Ever wondered how the government built a list of the gay people in England in the 2005 dystopian thriller “V for Vendetta”? The approach outlined above would be a most effective means for gathering such a list (mobile cell tower geo‐triangulation location data, IP addresses, and access times would all be available to a nefarious state actor).

The app also reveals which other users the user finds the most interesting. Clicking through to another user’s profile sends a slightly differently formatted request for a larger version of that profile picture. Users might want to keep their exact preferences in men to themselves, but Grindr is leaking that information to anyone with network capturing abilities.

Below are some examples of unencrypted data downloaded by the Grindr app that can be captured on the local network or as it passes through the wider Internet. Each of the URLs refers to an image that can be opened by anyone who intercepts the address:

  • …/<width>x<height>/<unique-id>
  • …/<width>x<height>/<unique-id>
  • …/<unique-id>

Intercepting these addresses on a network also implies that the user’s IP address was available for capture at the same time. This is just the kind of in‐the‐clear communication that can be intercepted, and it helps explain the quote below from Edward Snowden on the US government’s data collection capabilities.

“The good news is there is no program named The Dick Pic Program. The bad news is they’re still collecting everybody’s information including your dick pics.”

Former NSA contractor Edward Snowden

Another interesting thing I observed is that photos users exchange in private chats are not deleted from Grindr’s servers even after being deleted from both the sender’s and the recipient’s accounts. These privately exchanged images — ehm, dick pics — are also of the sort users would most care about being stolen. During my three‐month testing period, I found that images that had been deleted were still publicly accessible using the same image URLs three months after deletion.

“Grindr will retain Profile Information and Instant Messages in the Grindr App or on the servers for the Grindr Service, for as long as needed to provide the Grindr Service and to comply with our legal obligations, resolve disputes and enforce our agreements.”

Grindr’s vague privacy policy.

Here are some simple measures Grindr should take to improve security and preserve their users’ privacy:

  • Actually delete old photos, or at least make them unavailable online
  • Enable HTTPS encryption on their image server
  • Stop using static, never‐changing URLs for images
  • Add some randomness to the fetch order for images instead of always loading the nearest people first
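As an added illustration of the last three measures, here is one way an image service could issue HTTPS‐only URLs that are bound to the viewer, expire, and differ on every fetch, plus a shuffled grid download order. This is example code written for this post, not Grindr’s or Akamai’s implementation; the host name, key, and function names are assumptions.

```python
import hashlib, hmac, random, secrets, time
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical server-side key and host; neither is Grindr's or Akamai's.
IMAGE_URL_KEY = b"rotate-me-regularly"
IMAGE_HOST = "https://images.example"  # HTTPS only (measure 2)

def _signature(image_id, size, viewer_id, expires, nonce):
    msg = f"{image_id}|{size}|{viewer_id}|{expires}|{nonce}".encode()
    return hmac.new(IMAGE_URL_KEY, msg, hashlib.sha256).hexdigest()

def sign_image_url(image_id, size, viewer_id, ttl=300, now=None):
    """Mint a URL usable only by viewer_id and only for ttl seconds.
    A fresh nonce means the same photo never gets the same URL twice (measure 3)."""
    now = int(time.time()) if now is None else now
    expires = now + ttl
    nonce = secrets.token_hex(8)
    sig = _signature(image_id, size, viewer_id, expires, nonce)
    query = urlencode({"exp": expires, "n": nonce, "sig": sig})
    return f"{IMAGE_HOST}/{size}/{image_id}?{query}"

def verify_image_url(url, session_viewer_id, now=None):
    """Server-side check. session_viewer_id comes from the authenticated
    session, never from the URL, so a captured link is useless to anyone else."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    path = parts.path.strip("/").split("/")
    if len(path) != 2:
        return False
    size, image_id = path
    q = parse_qs(parts.query)
    try:
        expires, nonce, sig = int(q["exp"][0]), q["n"][0], q["sig"][0]
    except (KeyError, ValueError):
        return False
    if now >= expires:  # expired links stop working, unlike the static URLs above
        return False
    expected = _signature(image_id, size, session_viewer_id, expires, nonce)
    return hmac.compare_digest(expected, sig)

def randomized_fetch_order(profiles_nearest_first, rng=random):
    """Shuffle the grid download order so the first request no longer reveals
    the local user and the sequence no longer encodes distance (measure 4)."""
    order = list(profiles_nearest_first)
    rng.shuffle(order)
    return order
```

Because the signature covers the viewer taken from the server‐side session, a URL captured from one user’s traffic does not resolve for anyone else, and it stops resolving entirely once the TTL has passed.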

Grindr’s image server is provided by the content delivery network Akamai Technologies, Inc. When asked, Akamai was completely uninterested in divulging any price information about how much it would cost to move from HTTP to HTTPS for a static image resource service like the one Grindr uses. It probably wouldn’t be cheap, but then choosing the cheap alternative isn’t a priority for anyone choosing services from Akamai.

Tested on Grindr for Android version 2.2.8 and Grindr for iOS version 2.2.4 between 2015-05-24 and 2015-09-08. Grindr LLC didn’t respond to requests for comment.
