Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Wham, bam... premium rate scam: Grindr users hit with fun-killing charges

Dating app makers blame rogue ad

Malicious ads from third parties have been piggy-backing on the gay dating app Grindr to run a premium rate number scam.

Grindr blamed a third-party network for pushing the dodgy advert, which was withdrawn after representations from El Reg. We learned of the apparent scam after hearing from Tom, a UK-based Grindr user.

"The iOS version has recently started dialling (without any user choice, input or confirmation) a premium rate number – 0913 666 0010 – which carries a hefty connection charge and per minute rate, and even if you cancel it quickly you still get hit with the connection charge," Tom told El Reg.

"I’m not sure whether it’s malware within the app or their advertising partners – but either way Grindr has refused to respond or even acknowledge messages from users via twitter or email," he added.

A Google search for the UK number linked to the apparent scam reveals another complaint, again related to an ad for Grindr Extra. "grinder [sic] gay dating app dials this number after pop up appears on my screen advertising grinder extra," the anonymous complainant states.

Another reported being left £65 out of pocket, while a third said the number concerned charged £1 per second. El Reg reported the number and a broad outline of the scam to UK regulator PhonePayPlus.

According to Tom, the Grindr app has a history of allowing pop-up adverts and websites to appear without any interaction/input from the end users.

A quick search on Grindr + premium rate on Twitter suggests similar issues surfaced in December in the context of Grindr's Android app.

iOS apps can “auto-dial” but the user should have to click "OK" to proceed. Android apps, by contrast, ask for permission up front.

Security experts at F-Secure estimate the premium rate scam could be the result of third-party malicious ads abusing Grindr's app. "This might be possible either via a flaw – or due to a lack of policing/filtering/sanitising of what ads can do as the app itself," said Sean Sullivan, a security advisor at F-Secure.

It might possible to bypass the permission confirmation if the link is formatted in a particular way, an issue discussed in a Reddit thread last August. Another possibility is a disingenuous permission dialog box written in such a way that’s easy to trigger a call.

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like