Breach of Data

Norwegian Consumer Council Says Ad Tech in Dating Apps is ‘Out of Control’

Grindr, OkCupid, and Tinder are being called out for excessive data sharing.

Breach of Data

Last January, the Norwegian Consumer Council commissioned Mnemonic, an Internet security firm, to analyze the use of Internet ads in popular Android apps, including Grindr, OkCupid, Tinder, the fertility tracker Clue, and MyDays – Ovulation Calendar & Period Tracker. 

The report containing this data, published by the Council, is appropriately titled “Out of Control,” to demonstrate that ad tech in smartphone apps is becoming a serious problem. 

The researchers found that many of these apps share the user’s data not only with tech giants such as Facebook and Google, but also with “a large number of shadowy entities that are virtually unknown by customers.”

In fact, the apps analyzed were found to transmit data to at least 135 third parties involved in Internet advertising. Plus, they share the device’s Android advertising ID with 70 third parties. 

The report also emphasizes how most of these popular apps do not inform the users clearly about how their data are shared and used. 

Tinder and OkCupid don’t offer in-app settings to avoid having your data shared with advertisers

Data Security

According to the Norwegian Consumer Council, OkCupid and Tinder “seem to assume implied consent when the user taps “Log In” or ‘Join’.” 

The report also states that both dating services do not provide any in-app setting to opt-out of tailored advertising. 

If the users don’t want their data to be collected for advertising purposes, they must find the appropriate setting in the menu of their Android phone. 

“Many publishers and third-parties use these device-level opt-out options to argue or assume that consumers want to have their personal data shared with third parties,” says the report. 

To put it simply, if you do not set your Android device to block personalized advertising, apps can assume that you’re fine with having your data shared with advertisers.

Another problem the Council found with Tinder and OkCupid, is that they share the users’ data across all dating apps and websites from Match Group, including Plenty of Fish and Match.com. 

Following the Norwegian Consumer Council’s report, Grindr was banned by Twitter’s MoPub

Grindr’s privacy and security policies already attracted media coverage in 2018, when it was discovered that the app was sharing the users’ HIV status with two third-party analytics companies. 

Back then, the Norwegian Consumer Council filed a complaint to the Norwegian Data Protection Authority, forcing the LGBT app to stop that practice.  

Now, Grindr’s privacy policy states clearly that third-party advertisers are prohibited from collecting data about the user’s health status or identification with a sexual group. 

However, the Norwegian Council accused Grindr to make it very difficult for the average user to understand who collects and processes their data. The app’s privacy policy states that data are handled based on the policies of the third parties who collect the data. 

At the time when the Council’s report was written, the app only mentioned Twitter’s MoPub as a third-party advertiser. This way, “it is not clear how the user would be able to read the privacy policy of any other potential advertising partners.”Following the Council’s complaint, MoPub suspended the dating app’s account. Now, Grindr’s privacy policy mentions that the users’ data are collected by Google Analytics and Braze among other advertising partners, and it explains clearly how the two companies handle them.

Image source: Visual Content, Book Catalog