Wham, bam... premium rate scam: Grindr users hit with fun-killing charges

5-10 million installations... and that's just on Android

El Reg reported the apparent issue to Grindr, which blamed the problem on ads served by an [unnamed] third-party network, which have since been withdrawn.

Grindr is aware of this issue and takes it very seriously. Ensuring that our users have the best experience possible is one of Grindr’s top priorities and we will not stand for users having to deal with malicious advertisements.

We have both direct advertisers as well third-party ad networks which supply advertising to the app. The ads you reference were served by one of these third-party ad networks.

While we do have a number of safeguards in place to monitor for ads on third-party networks, we serve billions of ads on our network, so there is the occasional chance that ads like this may appear.

In this instance, we immediately reached out to our third-party networks to have these malicious ads removed.

Sullivan inspected screenshots forwarded by Tom that show that the app’s permissions and the phone itself appear to be behaving normally, evidence that the unauthorised calling has been triggered by a rogue ad.

Google Play reports between five and 10 million installations of Grindr, each of which are serving ads. "The idea that a feature is being abused is a very valid hypothesis," according to Sullivan.

Malicious content pushed towards users by apps is uncommon but far from unprecedented. For example, users of the ad-supported version of Spotify were hit by a malware-based attack back in 2011.

In that case, Spotify’s Windows client had browser functionality altered to push a Trojan. Cybercrooks can make money from malware but a premium rate scam might appear to offer even greater illicit gains. However, there are controls in place to block this sort of thing.

"There’s been plenty of malware attempting to monetize via premium numbers in the past," Sullivan explained. "The difficulty is setting up such a number so that the money can’t be clawed back retroactively.

"It could be that Grindr’s third-party network is being targeted in hope that victims will not complain to regulators. And so the ad-pushers hope that the money might not get taken back quickly," Sullivan argued.

Tom echoed concerns that gay men were cynically being targeted because they might be less likely to complain. "Despite customers being charged without warning or choice, whoever is behind this can essentially collate a giant list of phone numbers for people using Grindr," Tom told El Reg, and that "list [could be] sold/used for many lovely marketing calls and texts".

Our tipster remains dissatisfied by Grindr's handling of user complaints over the issue and concerned that the scam might reappear under a different guise. ®