Grindr is a gay, bi, and curious geodating app for mobile devices. The app requests your location and updates with nearby individuals also using the app. By default, Grindr shares the distance between you and every other user (that has not disabled location sharing). One does not receive the exact coordinates of other users, but our app shows that they are easy to recover quickly.
Stalkr is an application that requests distances to Grindr users from multiple different coordinates. Using the info received, it is possible to use trilateration to then recover their actual GPS coordinates and put them onto a map. Stalkr takes this one step further by recording differences over time, allowing us to discover where Grindr users go throughout the day.
We developed this application because members of our team have used Grindr in the past and are concerned with the security of our private information, including our geolocation. Grindr itself has many problems that allow Stalkr to work. Their authentication for using their API is weak and allows our server to easily request session tokens, used to request locations of users. Additionally, no fuzzing of user locations seems to be used, allowing a simple three point trilateration to recover fairly accurate locations for thousands of users.
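One way a service could add the location fuzzing noted as missing above, as an added example (not Grindr's or Stalkr's code): snap each user's position to a fixed grid cell on the server and return only bucketed distances, so every position inside a cell produces the same answers no matter where the query comes from. The cell size, bucket size and all function names are assumptions chosen for illustration.

```python
import math

CELL_DEG = 0.01      # assumed grid size: about 1.1 km of latitude per cell
BUCKET_M = 500       # assumed reporting granularity, in metres
EARTH_R = 6_371_000  # mean Earth radius, in metres


def snap(lat, lon, cell=CELL_DEG):
    """Map a coordinate to the centre of its grid cell.

    Snapping is deterministic, so repeating a query cannot average the
    offset away the way it can with fresh random noise on every request.
    Cells narrow in longitude away from the equator; a production grid
    would scale the longitude step by latitude.
    """
    return ((math.floor(lat / cell) + 0.5) * cell,
            (math.floor(lon / cell) + 0.5) * cell)


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_R * math.asin(math.sqrt(h))


def reported_distance(viewer, target):
    """Distance the API returns: measured to the target's cell centre,
    rounded up to the next bucket, never below one bucket."""
    d = haversine_m(viewer, snap(*target))
    return max(BUCKET_M, math.ceil(d / BUCKET_M) * BUCKET_M)


def indistinguishable(target_a, target_b, viewers):
    """True if no viewer position yields different answers for the two targets."""
    return all(reported_distance(v, target_a) == reported_distance(v, target_b)
               for v in viewers)


# Constructed sample data: two positions roughly 800 m apart in the same cell,
# queried from three arbitrary viewer positions.
HOME = (40.7128, -74.0060)
CAFE = (40.7191, -74.0009)
VIEWERS = [(40.7300, -74.0200), (40.7000, -73.9900), (40.7400, -73.9800)]

if __name__ == "__main__":
    print(indistinguishable(HOME, CAFE, VIEWERS))
```

With this scheme the most that repeated distance queries can reveal is the cell centre, so the cell size sets the privacy floor.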