Privacy, Security and GPS-Based Apps: An Inside Look From SCRUFF

09/10/2014 09:51 am ET Updated Feb 02, 2016

The privacy and security of location-based apps have become a major concern for smartphone users around the globe. Recent headlines say it all: "Tinder flaw left users vulnerable." "Grindr security glitch exposes gay users in Uganda, Russian Kremlin." As the CEO of SCRUFF, one of the largest gay dating apps in the world, I take these reports seriously. While there are measures we have taken to protect our community, it's critical that all users understand the benefits and limitations intrinsic to location-based apps.

The most important thing you should know about location-based apps is this: Any app that shows relative distance between members can be used to pinpoint your location.

"But how? It only tells him I'm 1 mile away, he could never find me!" you reply.

Here's a quick refresher on geometry: If I know you are 1 mile away from me, but I don't know which direction, then the circumference of a circle, centered at my location, defines the set of possible places you could be. If I simply move to two other places and record your relative distance, with those three readings I can calculate your location. This is called "trilateration," and you can read more about it on Wikipedia.

"Okay, but I have hidden my distance in the app, so I can't be located, right?"

Imagine you and I go to a party at a friend's house, and after arriving you head to the backyard and I stay in the living room. Five minutes later, I launch SCRUFF to see who's nearby, and in between you and me in the list of nearby guys is a really cute guy who has hidden his distance. Guess what? I now know that, while he could be in any direction, he is no farther away than the distance from the living room to the backyard. In this case, the area of a circle defines the set of possible places that cute guy could be, and if you take enough readings you can form an increasingly precise boundary around his location. As a result, in any app that orders results by distance, you can eventually locate a member who has his distance hidden.

The technical feasibility of either approach generally requires a sophisticated user to reverse-engineer the app in question -- simply launching the app and writing down relative locations isn't going to be sufficient. Furthermore, this kind of reverse engineering is almost always against the terms of service of an app, and in some jurisdictions may be illegal. However, this hasn't stopped some from building tools that attempt to make location discovery possible.

As a result of the recent emergence of these tools, other apps have chosen to eliminate geo-location capabilities entirely, so that no location information is ever shown. While this can be a viable approach, it is only sufficient if the app refrains from ordering results by distance. SCRUFF knows many users enjoy the location feature and would regret its loss. More than a year ago we engineered a solution that protects user privacy while still enabling location-based data to be shared.

When a user elects to hide his distance on SCRUFF, we not only remove the information from his profile data, but we also randomize his location on our servers. This means that, if he lives in the West Village in NYC, he could potentially appear in between two people in SoHo. However, if he uses SCRUFF in the countryside, randomizing his location by a few blocks might still not be enough. That's why we take density into account, so if you live in the city, your location will be randomized by a few blocks, but in the country it could be a few miles or more.
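One way to implement the density-scaled randomization described above, as an added example (not SCRUFF's code). The rule of sizing the radius to cover roughly 50 other users, the clamps, the HMAC-keyed stable offset and every name here are assumptions made for illustration.

```python
import hashlib
import hmac
import math

EARTH_RADIUS_KM = 6371.0
SERVER_KEY = b"constructed-demo-key"   # placeholder; a real key lives in a secret store
K_NEIGHBOURS = 50                      # assumed crowd size to hide among
MIN_KM, MAX_KM = 0.3, 20.0             # assumed clamps: "a few blocks" up to miles

def jitter_radius_km(users_per_km2):
    """Radius of the disc expected to contain K_NEIGHBOURS other users."""
    if users_per_km2 <= 0:
        return MAX_KM
    r = math.sqrt(K_NEIGHBOURS / (math.pi * users_per_km2))
    return min(MAX_KM, max(MIN_KM, r))

def obfuscate(user_id, lat, lon, users_per_km2):
    """Return the decoy position the server stores and sorts by."""
    r = jitter_radius_km(users_per_km2)
    # Key the offset to the user and a coarse cell so repeated queries see
    # the same decoy; fresh noise on every query could be averaged away.
    msg = f"{user_id}|{round(lat, 1)}|{round(lon, 1)}".encode()
    digest = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    u1 = int.from_bytes(digest[:8], "big") / 2**64
    u2 = int.from_bytes(digest[8:16], "big") / 2**64
    bearing = 2 * math.pi * u1
    dist = r * math.sqrt(u2)           # sqrt gives a uniform spread over the disc
    dlat = math.degrees(dist * math.cos(bearing) / EARTH_RADIUS_KM)
    dlon = math.degrees(dist * math.sin(bearing)
                        / (EARTH_RADIUS_KM * math.cos(math.radians(lat))))
    return lat + dlat, lon + dlon

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) pairs."""
    (lat1, lon1), (lat2, lon2) = a, b
    p1, p2 = math.radians(lat1), math.radians(lat2)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def nearby_order(viewer, stored):
    """Sort user ids by distance to the viewer using stored (decoy) positions only."""
    return sorted(stored, key=lambda uid: haversine_km(viewer, stored[uid]))
```

With these constants a dense city (5,000 users per km²) clamps to 0.3 km, while a rural area (0.5 users per km²) gets about 5.6 km.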

This issue is even more critical for people who live in regions that criminalize homosexuality or male/female interaction, such as Russia and the Middle East. For people in these places, enabling "hide distance" in every location-based app that offers it may be a smart option. SCRUFF wants to ensure that our members, both those who live in these countries and those who travel to them, stay informed, and in an upcoming release we will be enabling "hide distance" by default for people in these regions.

In addition, we've struck an innovative partnership with ILGA, a non-profit that publishes an annual report of gay and lesbian rights worldwide. Coming soon, when a user travels to a country included in the ILGA report and launches SCRUFF, he will see an alert informing him of the presence of local laws criminalizing homosexual activity. By increasing awareness about these laws, we hope to keep our members vigilant and raise the global pressure for reform.

Ultimately, the possibility of location discovery is something we all must consider whenever we use location-based apps for dating, traveling, hooking up, or making friends. As the stakes have increased, app designers must meet the challenge of building robust systems that incorporate advanced location obfuscation techniques. Though today's headlines happen to target gays, the challenges of location security affect any religion, gender, sexuality or minority group that finds community through location-based apps.