How Truecaller might have cost this Nigerian user over $13,000

The ability to block strange calls, SMSes, and spammers has made Truecaller increasingly popular with mobile users. But rising privacy issues and perceived exploitation of users' data have people around the world raising their eyebrows.

A couple of days ago, Truecaller user Chika Obuah, a systems engineer and director at Czoid, sent a query to the app’s support platform on Twitter asking why promotional text messages were sent to his contacts without his knowledge or authorisation.

chika (@ChikaObuah)

Why is @Truecaller sending promotional SMS messages from my phone (with my money) without my permission to my contacts?


In response to the tweet, Truecaller claimed that he might have mistakenly triggered the auto-invite feature by clicking on the referral programme when it popped up on his phone.

“When you click on the referral notification and click OK, an invite is automatically sent to a non-Truecaller user in your contact list,” reads the response.


However, Chika denied ever signing up for the referral programme since he started using Truecaller in 2015.

He also pointed out that he never clicked on any notification about the referral program.


Clearly and unequivocally, Chika narrates his ordeal to Techpoint.

“It was on the 26th of October, around 3:38 p.m. Nigerian time, I just checked my phone only to discover that promotional text messages had gone out to random contacts, using my airtime,” Chika recalls.

Sample SMS Truecaller sent to one of Chika’s clients/contacts

Worse still, the fact that these messages were sent to some of his professional acquaintances and clients called his professionalism into question. Chika claims they may have cost him deals worth up to ₦5 million ($13,807).

“Since they didn’t send to all my contacts but selected just a few, I started to wonder how they came up with that list and who gave them authorisation,” says Chika.

His ensuing confusion prompted him to check the app permissions, where he saw the long list of features the app has access to — including his phonebook and SMS app — all of which he had unknowingly granted Truecaller on installing the app.

Chika insists that the referral programme could not have been activated erroneously because it is not easy to find within the app. He also claims that no one who could have triggered the app’s auto-invite had access to his phone during this period.

A closer look at the Truecaller app reveals that it would indeed take a series of very deliberate actions to activate the referral programme, though once in a while ads pop up in the phone’s notification bar which could be clicked on by mistake.

Pop-up notification ad that could inadvertently sign a user onto the Truecaller referral programme

In response to our inquiry, Truecaller firmly maintains that, according to its investigation, Chika actually entered a referral programme a while ago, but it cannot tell whether he triggered it manually or not.

“This seems like abnormal behaviour and we are investigating this further with the user. Since we have not seen any other users reporting the same issue within this time frame, Truecaller users don’t need to be concerned about this.”

However, the issue does not appear to be exclusive to Chika or even to just Nigeria.

Another user from Bangalore, India made the same complaint and claimed to have heard of multiple complaints by other users.

Reportedly, it is not news that the caller app executes such random acts without the consent of its registered users.

Truecaller (@Truecaller)

What is the biggest call or sms scam in your country? Tell us your experiences!

freddy nazareth (@pv317)

@Truecaller sending messages without consent and activating services without consent


In July 2019, Truecaller users in India experienced acts that amounted to a serious privacy breach, and the possibility of this being a recurrence is high.

Reportedly caused by a bug, the app automatically created IDs for its users with India’s Unified Payments Interface (UPI) — an instant payment system for interbank transactions — without their consent.


All of this comes on the back of an investigation by the National Information Technology Development Agency (NITDA) into the allegedly unfair amount of user data the Scandinavia-owned app has access to on installation. For now, it seems users might have to critically read Truecaller’s privacy policy and decide on the best way to tread, going forward.
