A new study has revealed that many popular dating and women's health apps share users' intimate data with dozens of companies involved in the advertising business.
The data shared with these firms could even be used to indicate users' sexual orientations and religious beliefs but these apps are also sharing other personal information including birthdays, GPS data and ID numbers associated with users' smartphones that could be used to tie all of the data back to a single person.
The advocacy group Norwegian Consumer Council (NCC) conducted the study which examined 10 apps, including Grindr, OKCupid, Tinder, Clue and MyDays, and found that they were collectively sharing users' personal information with at least 135 companies.
- Plenty of Fish leaks private user information
- Europeans "have lost control" of their personal data
- Facebook data breach sees millions of user personal details leaked online
While Amazon, Facebook and Google are some of the more popular companies these apps are sharing data with, they're also sharing personal information with companies that are not widely known outside of the tech industry such as AppsFlyer, Fysical and Receptiv.
According to the study, the data sharing isn't limited to these apps and the in its report, the NCC explained that this is likely a widespread practice, saying:
“Because of the scope of tests, size of the third parties that were observed receiving data, and popularity of the apps, we regard the findings from these tests to be representative of widespread practices.”
Many of the companies involved make money by compiling details about individual consumers to build comprehensive profiles to serve targeted personalized ads. For instance, hedge funds and other businesses buy location data in order to analyze retail sales and plan investments while political campaigns use personal data collected from users' smartphones to identify potential supporters for targeted outreach.
While conducting its study, the NCC found numerous violations of GDPR by these apps but the LGBTQ+ dating app Grindr was the worst offender. The organization is even planing to file an official complaint against the company as well as other businesses that received data from Grindr.
Now that GDPR has been in effect for two years and the California Consumer Privacy Act (CCPA) has just went into effect at the beginning of this year, expect government agencies and other consumer organizations to not let this massive amount of data sharing continue.
- Protect your online privacy with the best VPN services
Via Consumer Reports
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.