An unfortunate loophole in Grindr’s code has allowed users of the gay-dating app giant to see exactly who has blocked them on the app.
Washington DC-based developer Trever Faden, who discovered and exposed the security flaw in the app, says that the app currently attaches an invisible list of restricted profiles to each user’s account, so the app knows not to display guys to someone that has blocked them.
While the list would usually remain invisible to guys using the app as normal, individuals are able to see it with a little effort, meaning it’s possible to retrieve the list of user IDs from the code and find out exactly who has blocked you.
Faden has since built a web tool called “Cockblocked” that lets people sign into their Grindr accounts and see the list for themselves, resulting in not only an interesting read, but also a lot of controversy and awkwardness.
Speaking with Queerty, Faden said that he expected Grindr would close the loophole quickly, adding, “I assume Grindr will shut it down within a week, or patch the API I’m using so that it no longer displays the data, but I figure in the meantime, it’s interesting data that could spark some silly conversations.”
“Luckily, someone finding out that you blocked them on Grindr isn’t a huge security vulnerability, as much as it is an awkward conversation waiting to happen.”
Faden adds, “That said, when you block someone on Grindr, you do assume that information will stay somewhat private. Sometimes that is unfortunately just an assumption, as we’ve seen with data breaches in the past at companies like Ashley Madison.”
“All of this data is safe, until it’s not, which, in my opinion, just means that if you really want to keep a secret–don’t send it through the internet.”
Issues have been raised in the past by former intelligence officials following Grindr’s sale to a Chinese tech company.
Last Updated on Mar 20, 2018