Truecaller pilfers phonebooks
Free spam filtering mobile app Truecaller and similar applications have come under fire for storing information about people without their consent.
The Truecaller app allows users to identify unknown incoming calls and block calls they do not want to receive. Users receive assistance from the app's database, where spam numbers are listed and marked in red.
However, it is not only spam numbers that are listed.
When signing up for the app, users need to give the app access to their device's phonebook as well as contacts saved on social media accounts. This information contains phone numbers of people who do not have the Truecaller app.
The feature which allows the database to be accessed is called 'reverse look-up' and allows users to find out who a phone number belongs to, even if that person does not make use of one of the apps. The service does not work the other way round; users cannot put in a name and get a phone number.
However, in 2013, Truecaller was the victim of a cyber attack which resulted in unauthorised access to some data. This means information that someone did not give permission to be stored in a database could be at risk.
The app is popular locally. Last year, it was reported over 1.4 million South Africans use it, and 50 000 spam and unwanted calls are detected every day across the country.
The company, and other similar services Sync,me and CM Security each have a publically accessible database of more than three billion phone numbers and identities. This was discovered by Hong Kong-based investigative news agency Factwire.
The agency found that scores of Chinese officials, legislators and celebrities' numbers were on the list. BBC Tech reported it was able to find former British prime minister David Cameron's number, as well as those of Olympic athletes.
CM Security has halted its reverse look-up function, the South China Morning Post has said. It is not clear if Sync.me and Truecaller will do the same.
Truecaller does give people the option to 'unlist' their number, but not if users want to continue using the service as it requires deactivation of Truecaller accounts to delist.