Dark Side Of Grindr

Do you really know who you are talking to on Grindr? How safe is the app for its users? Last week a Brisbane court heard of a terrifying attack that saw a man chained up and ‘brutally’ raped by another man, after they met on the gay dating app in April, 2019.

The offender, Ian Robert Madden, stood trial on eight charges including three counts of rape. Madden was acquitted on five offences but found guilty of one count of rape, common assault and deprivation of liberty. This ruling means Madden will serve six years and six months imprisonment.

In evidence submitted to the court it was revealed that the victim met Madden on Grindr and both had agreed to meet at the perpetrator’s house for oral sex. However, the encounter took a menacing turn when Madden proceeded to bind the victim’s wrists with chains before anally raping the victim, all while wearing a batman mask. Madden, who knew he was HIV positive, took no precautions and did not use a condom when he “brutally” raped his victim.

District Court judge Richard Jones took into account submissions that Madden would have a more difficult time in prison due to his sexuality, mental health issues and the coronavirus related restrictions. However, Jones refused to accept submissions that the rape was not premeditated.

“The anal rape occurred after violence and included the binding of the complainant,” Jones said. “It may well be when he arrived you may not have intended to do what you finally did do but there can be little doubt this rape was not a spontaneous action of the moment.”

Jones also said that forcing the victim to “relive that night” by giving evidence at the trial reflected a “lack of remorse” from Madden.

 Of course, this is not the first story to emerge of how use of the Grindr app has led to brutal and even fatal outcomes. In February of this year three 17-year-old boys were charged with murder following the death of a 56-year-old Canberran man on the New South Wales South Coast.

It was revealed that victim Peter Keeley had been communicating with one of the three teenagers through the dating app. An autopsy found he had suffered severe head and facial injuries, though the findings were inconclusive.

“One of the lines of inquiry was the method of communication used by the victim… there were a number of dating apps that were used, and one of those apps was Grindr, that appears to be the method of communication that links him to one of the teenagers,” said Superintendent Doherty who was tasked with leading Keeley’s murder investigation.

However, and perhaps more worrying than these physical yet relatively isolated attacks is that the company behind Grindr were recently in the spotlight for a security flaw which made it incredibly easy for personal accounts to be hacked.  

The flaw in the security systems was originally uncovered by French security researcher Wassime Bouimadaghene in September. However, when Bouimadaghene informed the  the company of the vulnerability he received no response.

 In short, just by knowing the email address a user had associated with their Grindr account a hacker could easily create their own clickable password reset link using the leaked token and hijack the account and thus instantly gaining access to a user’s messages, pictures, HIV status, and more – therefor placing Grindr’s three million daily active users at risk.

In 2018 an investigation revealed that Grindr was sharing with two separate companies some of the information that Grindr users choose to include in their profiles, including their HIV status and last tested date.

Eventually responding to these latest concerns, the company’s chief operating officer Rick Marini provided the following statement to TechCrunch.

“We are grateful for the researcher who identified a vulnerability. The reported issue has been fixed. Thankfully, we believe we addressed the issue before it was exploited by any malicious parties. As part of our commitment to improving the safety and security of our service, we are partnering with a leading security firm to simplify and improve the ability for security researchers to report issues such as these. In addition, we will soon announce a new bug bounty program to provide additional incentives for researchers to assist us in keeping our service secure going forward.”