Honestly, I wouldn't be surprised if this was an intentional back door (...) that Grindr was required to create and let foreign authorities know about in exchange for being allowed to market the app in their country.
Assuming that's true, why would they publicly expose the back door as an anonymous API endpoint that's used in a standard flow within the product? Incompetence seems much more likely.
I'm not even sure that would constitute a "back door" - it's more of an "additional front door with no lock whatsoever".
I'm not even sure that would constitute a "back door" - it's more of an "additional front door with no lock whatsoever".