For a regular user of smartphones (and who isn't these days?), it's easy to become complacent about the various permissions and authorisations that users are asked to give when downloading and installing a wide variety of apps. As this article illustrates, often the risks to privacy and personal data don't come from unauthorised access or carelessness. Instead, they come from information which we willingly part with in order to get more functionality from those apps.
It's noteworthy that the designers of the app referred to in this article have no plans to change the functionality on which this vulnerability is based, because they regard the geographic location features as fundamental to the service. But much more needs to be done to give users control over the extent of the geographic information made available about them, even if that comes at the expense of some functionality within the software in question.
To exploit the loophole the researchers sent several requests to servers behind Grindr, each one appearing to come from a different location. This let them get multiple estimates of a target's distance from these separate places. This made it possible to calculate a person's exact location by triangulation. In a presentation at the Shmoocon conference, Mr Colby showed how he was able to use the loophole to map all Grindr users in San Francisco's Bay Area and those at the Sochi winter Olympics. Correlating this location data with information from social media sites would make it easy to find out someone's identity, he said.
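As an added example (not code from the app or from the researchers), here is a sketch of one mitigation for the distance leak described above: snap the target's position to a grid cell and bucket the distance before returning it, so every position inside a cell produces the same answers no matter how many locations the requests claim to come from. The function names, cell size, bucket size and coordinates are assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    p1, p2 = math.radians(a[0]), math.radians(b[0])
    dlmb = math.radians(b[1] - a[1])
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def snap_to_grid(pos, cell_deg=0.01):
    """Replace a position with the centre of its grid cell.
    cell_deg is the user-chosen precision (0.01 degrees is about 1.1 km of latitude)."""
    return tuple((math.floor(c / cell_deg) + 0.5) * cell_deg for c in pos)

def reported_distance_m(viewer, target, cell_deg=0.01, bucket_m=500):
    """Distance the service returns: measured to the snapped target, rounded up to a bucket.
    The viewer position is client-supplied, so it must be treated as untrusted input."""
    d = haversine_m(viewer, snap_to_grid(target, cell_deg))
    return math.ceil(d / bucket_m) * bucket_m

def indistinguishable(target_a, target_b, probes, **kw):
    """True if no probe location yields a different answer for the two targets."""
    return all(reported_distance_m(p, target_a, **kw) == reported_distance_m(p, target_b, **kw)
               for p in probes)

# Constructed sample data: claimed viewer positions and three target positions.
PROBES = [(37.70, -122.50), (37.85, -122.45), (37.76, -122.30), (37.90, -122.20)]
TARGET_A = (37.7712, -122.4193)   # same 0.01-degree cell as TARGET_B
TARGET_B = (37.7768, -122.4121)
TARGET_C = (37.8044, -122.2712)   # a different cell

if __name__ == "__main__":
    for p in PROBES:
        print(p, round(haversine_m(p, TARGET_A)), round(haversine_m(p, TARGET_B)),
              reported_distance_m(p, TARGET_A), reported_distance_m(p, TARGET_B))
    print("A vs B indistinguishable:", indistinguishable(TARGET_A, TARGET_B, PROBES))
    print("A vs C indistinguishable:", indistinguishable(TARGET_A, TARGET_C, PROBES))
```

The snapping step is what bounds the leak: bucketing the distance alone still lets repeated queries from many claimed positions narrow the answer, whereas a snapped position can never be resolved below the cell size.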