The two companies - Apptimize and Localytics, which help optimise apps - receive some of the information that Grindr users choose to include in their profiles, including their HIV status and "last tested date".
Because the information was sent with users' Global Positioning System location, phone number, and email address (which may include a user's government name and employer), the Norwegian nonprofit that sounded the alarm about this said that people's HIV status could be discovered. For the gay dating scene though, Grindr is one of the more popular programs. Councilmember Duran agreed, saying "I'm starting to believe that numerous young people who work for the company don't understand what we actually fought for in blood", a reference to battles waged in the past to provide health care to HIV positive people and fight stigma against them. The company says the firms are under "strict contractual terms that provide for the highest level of confidentiality, data security and user privacy". "We pay these software vendors to utilize their services".
"Grindr is a relatively unique place for openness about HIV status", James Krellenstein of AIDS advocacy group ACT UP told BuzzFeed News.
Grindr told NBC it was aware of the problem and "had changed its system to prevent access to data regarding blocked accounts", though it apparently did not change access to other data.
The report also found that Grindr has shared information like age, gender, relationship status, phone ID, language, and Global Positioning System location with third-party advertisers. As the testing of our feature has completed, any information related to HIV status has been removed from Apptimized and we are in the process of discussing removal of this data from Localytics.
The app previously defended sharing sensitive data with third parties as customary practice to ensure better service. The app's security chief has since said the practice will stop.
"It's important to remember that Grindr is a public forum", it said.
SINTEF also noted that Grindr was passing on user data to advertising companies, with it being the type of information that the app's users may not want shared beyond Grindr.
The Council is objecting to both the sharing of highly sensitive HIV statuses and other personal information with third parties without Grindr gaining explicit user consent for the data to be handed off to others.
"Grindr and similar app providers must urgently audit their data security measures, come clean about any issues and fix them immediately". That means other malicious groups or governments may have been able to acquire that sensitive information about Grindr's users, too.
Grindr has not yet responded to a request for comment on this story from Fox News.