When location apps overshare, predators follow the signal

@CNNMoneyTech June 15, 2012: 6:05 AM ET

NEW YORK (CNNMoney) -- When "John," a gay man from a southern town in the U.S., stumbled upon Grindr, a location-linked app for gay men, he saw it as an opportunity to meet like-minded people in his hometown.

"I thought it was neat because you got to see the proximity of people -- you knew you weren't talking to someone from California," he said in an interview with CNNMoney. (John is not his real name. He requested anonymity for this story to protect his safety.)

Grindr is one of the more sexually explicit apps that detect users' locations and helps them arrange to meet up in person, but John insists his goal was to expand his social circle: He and his boyfriend of three years hoped Grindr would help them make friends in a city where they felt isolated because of their sexual orientation.

"We both don't drink, and wanted to find a way to connect with other couples to go on road trips," John says.

John discovered the app on Apple's iTunes, and began chatting on Grindr with a man who also indicated that he was looking for friendship. After nearly a month of messaging back and forth and exchanging phone numbers, John agreed to meet the man -- who self-identified as HIV-positive -- for lunch.

What happened afterwards was a nightmare. During the lunch, John recalls leaving the table for a couple minutes to use the restroom, leaving his soda unattended. He describes feeling "dizzy" afterwards, and vaguely remembers a sexual attack in a department store dressing room.

Hours later, John was in the hospital. A police report filed by John and released by the local police agency to CNNMoney matches John's story: that he was allegedly drugged and raped by the man he had just met. John says he has since received multiple HIV tests -- all clean so far -- and spent thousands of dollars on medical bills and for psychological care following the attack.

John's assault is a location app horror story, but it is part of what both police and those in the tech trenches say is a growing trend: As users adopt apps that pinpoint their whereabouts, predators are adopting the same tools.

"We have no doubt that this kind of thing happens all the time," says Sergeant Amy Watkins, a public information officer for the police department in Visalia, Calif. "Predators are getting on to these locations apps. I'm sure these kinds of crimes occur and they're not reported."

The issue rocketed into the headlines this week when flirting app Skout suspended its teen network. The company, whose app zeros in on your location and shows you other Skout users nearby, made the move in the wake of three separate reports of men raping minors after posing as teens in Skout's community for 13- to 17-year-olds. The alleged victims are 12, 13 and 15 years old.

"For now, we believe that there's only one thing we can do: until we can design better protections, we are temporarily shutting down the under-18 community," Skout founder Christian Wiklund wrote in a blog post about the suspension. "We are extremely sorry about this, but we don't believe we have any other choice."

When it changed: "Check-in" apps like Foursquare have always carried risks, but techies say the location landscape shifted in mid-2010. That's when Apple added app multitasking to its mobile operating system, which opened the door to "background" location sharing.

For the first time, iPhone apps could stay open indefinitely, tracking and transmitting a user's location.

That allowed developers to create a wave of "social discovery tools" like Highlight, which hums along quietly in the background and notifies users when people with similar interests are nearby. The app and its legion of rivals -- Banjo, Glancee, Sonar, Kismet -- were the main feature this year at SXSW, a conference that often serves as the launch pad for tech's "next big thing."

But the social apps field is still something of a Wild West, where developers often find themselves asking for forgiveness instead of permission. Streaming music service Spotify and video app SocialCam are among the apps that have come under fire recently for sharing data more widely than many users realized. (Neither transmits location data, but by default, both apps broadcast everything done with them -- which catches many users by surprise.)

Plus, users often simply don't understand the risks of what they're exposing. A recent study by IT governance trade group ISACA found that 58% of smartphone owners use location-based apps. Almost half of those surveyed -- 43% -- say they never read the user agreements for apps they download. Another 25% said they read the agreements but "generally believe they are not clear about information being collected and how it will be used."

Grindr requires its users to manually build a personal profile and decide what information to transmit, such as their photo, age, height and relationship status. Skout has a "sign in with Facebook" option that automatically sets up a basic profile. Using that and sticking with the default settings will broadcast your first name, Facebook profile photo, age and gender to other Skout users nearby.

"Our sense is this is the beginning of a longer-term trend," says Marios Damianides, a geolocation expert with ISACA. "Once the security issues are highlighted more, people will get more aware."

Sergeant Watkins of the Visalia police estimates that the majority of the crimes tied to location-based apps go unreported. She became involved in the field while investigating a local sexual assault. The attacker, who was arrested late last year and pleaded "no contest" to the charges, used Grindr to target his victims. He is currently serving a four-year prison sentence.

"We know he had other victims. We ended up locating one," she says.

Asked about the assaults linked to his app, Grindr CEO Joel Simkhai says "the same rules" apply online and off about protecting yourself.

"It's really your responsibility to use all those skills you've used in your whole life to navigate all these new interactions," he told CNNMoney. "We look at every situation and get involved when we can. We encourage people, if there's ever a crime committed, to contact law enforcement."

Highlight CEO Paul Davison, whose app went live three months ago, says we're still in uncharted territory.

"This new technology -- to see the people around you and to share a little bit of information in a private, controlled way -- is just new, so we're still figuring out what the norm should be," he says. "There are all these details you have to get right."

In John's case, the man who attacked him is still out there. After his complaint was transferred back-and-forth between two police departments, dragging on throughout a jurisdictional disagreement, he opted to drop it.

"I have to start dealing with this internally," he says.

One way of doing that is to start speaking out.

"My whole goal is to educate people of the dangers of meeting people on these applications," John says. "There's a lot of people who just don't know what they're getting into." To top of page

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.