Plus233 - Ghana's No.1 News Hub
Subscribe
  • Latest
  • Health
  • News
  • Love Therapy
  • World
  • Africa
Sunday, Jul 6, 2025
Plus233 - Ghana's No.1 News HubPlus233 - Ghana's No.1 News Hub
Font ResizerAa
Search
Follow US
Technology

What exactly does Truecaller do with your data? A hacker’s deep dive

Kweku Jasper
Last updated: February 22, 2020 3:16 pm
Kweku Jasper
Share
SHARE

As online privacy concerns increase, when signing up for Internet services or installing mobile apps, assurances of the protection of a prospective user’s data are given. But what really happens when you click that “sign up” button is anyone’s guess.

Contents
What happens when you sign up for Truecaller?But it gets more interestingSo we went searching

A year ago, the National Information Technology Development Agency (NITDA) opened an investigation into caller ID app, Truecaller, over possible privacy issues. It was observed that the app’s privacy policies for the European Union (EU) countries were relatively secure and distinctively different from what obtained for non-EU countries.

Apparently, some of the permissions and variety of data demanded of non-EU users by the call app are absent for Truecaller users in the EU; this is attributed to the enactment of the General Data Protection Regulation (GDPR).

A month later, while coming to terms with the details of NITDA’s investigation, a Truecaller user lodged a complaint stating that promotional messages had been sent to his contacts without his consent, losing him potentially huge business opportunities.

- Advertisement -

In both instances, Truecaller firmly asserted that it takes privacy issues seriously and that the app would never send promotional messages on its own.

What happens when you sign up for Truecaller?

Through the lens of a developer who goes by the name Angry Wizard, he decided to find out what happens to your data when you sign up for Truecaller.

According to Angry Wizard, when you register/create an account in Truecaller, all your device info is uploaded to their server as hinted in the app’s privacy policy and its permissions list. They include:

  • International mobile subscriber identity (IMSI) — normally sent from your mobile device to your service provider any time you put your SIM card in a phone
  • Operating System (OS)
  • Device ID
  • Network type, carrier, etc.

Angry Wizard also hints that a user’s full info is then uploaded to a third-party domain belonging to a company called CleverTap — a mobile marketing company located in Mountain View, California — that enables marketers to identify, engage, and retain user info in an automated process.

Clevertap info

He further insists that the server engages in a lot of unusual activity and comes in contact with lots of other third-party domains in the process.

- Advertisement -

But it gets more interesting

Not unlike the transportation of eggs, any information given when registering on a website should be transported safely and securely.

While uploading data to an external server without the user’s consent apparently violates Truecaller’s privacy policy, Angry wizard alleges that Truecaller uses a very unsafe method to upload this data.

“Your entire phone book, contacts, and information get uploaded to their servers. Oh! And it’s over GET,” he explains.

- Advertisement -

The two most popular methods of uploading data from a user’s computer to a website’s server are the GET and POST method.

The GET method is unsafe for transferring sensitive and confidential information like a user’s data, as anyone who knows what to look for can easily gain access. Hence, the POST method is always preferred.

Consequently, the developer points out, all your info can be accessed publicly by anyone with the technical know-how.

Truecaller data
Web response containing personal info for Truecaller

According to Angry Wizard, the information of over 30,000 contacts and names of spammers reported by Truecaller users are made public, requiring no authentication for anyone to access.

So we went searching

Seeking clarification, on December 3, 2019, we reached out to Truecaller’s Director of Communications, Kim Fai Kok, who insisted once more that no user content is sent to a third-party domain without the user’s consent.

He also refuted claims that Truecaller uploads details using GET and that the information could be accessed publicly.

“No user or spam data can be accessed by the public. Any verified Truecaller user can access other users’ public data, provided they know the phone number of the person, in accordance with our Terms of Use and Privacy Policy,” says Kok.

“The spam data is a community spam list, which is accessible to all our users and does not require the owner of the phone number to accept any terms,” he adds.

To double-check these claims, on December 5, we sent two mobile numbers to the Wizard: one of a Truecaller user, and the other belonging to a non-Truecaller user and surprisingly, he sent back URLs containing information of both numbers.

A day or two after, the links stopped working, so we briefly thought Truecaller had fixed the issue. But last week Friday, we received another link containing the same information from both numbers.

While Truecaller refuted all of Angry Wizard’s claims, our latter discovery has given us pause as we await the outcome of NITDA’s investigation.

For the geeks, a detailed explanation of Angry Wizard’s deep dive can be found here.

Source: Techpoint.africa

TAGGED:angry wizardCYBERSECURITYprivacytrue caller
Share This Article
Facebook Copy Link Print
ByKweku Jasper
Follow:
I am a multi talented African son growing up in a cold but hot world, where nothing is what it seems to be. I am an optimist by faith, R.N by profession, Web developer by practice, Tech preacher by decision, promoter by love, blogger by inspiration, photographer by occupation, marketer by calling, satirist by tribe, entrepreneur by origin, events manager by love, non-bias and rich by choice, illustrious by divine arrangement and Ghanaian by law. I am a Data Scientist by curiosity, ML & Al fun, a Cybersecurity advocate, SEO consultant & a UI/UX Researcher. Simply put, I am all things to all men at all times.
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recipe Rating




Let's Connect

304.9kLike
3.04MFollow
304.9kPin
844.87MFollow
40.49MSubscribe
39.5kFollow

Popular Posts

Black Panther lead actor, Chadwick Boseman dies at 43 after 4-year fight with colon cancer

Kweku Jasper
7 Min Read

WAEC releases 2020 WASSCE results

Kweku Jasper
2 Min Read
UHAS LAB (MAIN CAMPUS BEGINS TESTING FOR COVID-19 TOMORROW 27/04/20

UHAS LAB (MAIN CAMPUS BEGINS TESTING FOR COVID-19 TOMORROW 27/04/20

Kweku Jasper
1 Min Read

AFCON trophy reportedly stolen from CAF headquarters in Egypt

Kweku Jasper
1 Min Read

You Might Also Like

Technology

How Truecaller might have cost this Nigerian user over $13,000

6 Min Read
Technology

NITDA is on a mission to safeguard the data privacy rights of Nigerians

5 Min Read

Facebook is buying GIF company Giphy for $400 million

2 Min Read
Technology

NITDA investigating alleged privacy breach by Truecaller

3 Min Read

Social Networks

Facebook-f Twitter Gitlab Youtube Medium Telegram Twitch Rss

As Seen On

Plus233 - Ghana's No.1 News Hub
Plus233 - Ghana's No.1 News Hub
Plus233 - Ghana's No.1 News Hub
Plus233 - Ghana's No.1 News Hub

Foxiz Innovation News, 123 Innovation Street, Techland, TX 54321, United Techdom

Plus233 - Ghana's No.1 News Hub
Plus233 - Ghana's No.1 News Hub
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?