The app, which offers free ads for HIV-testing sites and debuted an optional feature that would remind users to get tested every few months, is now being called into question for how seriously it takes its users data.
As well as HIV statuses, SINTEF found Grindr transmits a raft of other personal data points to third party ad firms - this time via unencrypted transmissions - namely: precise GPS position, gender, age, "tribe" (aka group-affiliation, e.g. trans, bear), intention (e.g. friends, relationship), ethnicity, relationship status, language and device characteristics.
"There was no reason for them to be storing that data with these analytics companies in the first place", Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News.
In a tweet, United States senator Ed Markey suggested that greater care needed to be taken when handling information about individuals' HIV status: "Privacy isn't just about credit card numbers and passwords".
"The limited information shared with these platforms is done under strict contractual terms that provide for the highest level of confidentiality, data security, and user privacy", he said. "We pay these software vendors to utilize their services".
The CTO then goes on to explain that, in the event that user data containing sensitive information is shared, it is transmitted securely and there are data retention policies in place. These companies monitor how users interact with apps and make suggestions on what could be improved.
Under the app's HIV status category, users can select from a variety of statuses, which include whether the user is positive, positive and on HIV treatment, negative or negative and on PrEP. "We're aware of reports of a data breach involving the Grindr app and we are working to establish the scale of any impact on United Kingdom users", explained an ICO spokesman, in a statement emailed to Fox News. This means some data is sent to third-party companies under plain text, BuzzFeed News reports, which is much easier to obtain and read due to its unencrypted nature.
The sharing of what many Grindr users view as private information follows a controversy over United Kingdom -based firm Cambridge Analytica's use of information from tens of millions of Facebook profiles to micro-target political campaign messages.
Additionally, information obtained is only that visible on user's profiles; which, should one choose to make public, includes common dating app details, plus user HIV status and "last tested date".
"Just as users have begun deleting their Facebook accounts after the Cambridge Analytica controversy, dating app users will similarly delete or extensively restrict their use of such apps", she said in a statement to AFP.
"It's important to remember that Grindr is a public forum".