Every time you go online, you may use one of the best VPN services. You also make sure to protect important communications with encrypted messaging apps.
Nevertheless, one day you may realize that your name and telephone number are available to anyone who can obtain them without knowing it.
One of the most powerful allegations against Truecaller is that ignoring and concealing persons'' phone details without their consent.
Viceroy Research, a US-based international investigative financial firm, has filed this and other violations in its last detailed report, which focuses on the company''s business model and security infrastructure.
Despite Truecaller''s displeasure, many concerns remain about its privacy safeguards.
What are the true colours of Truecallers revealed? A report by @viceroyresearch claims that @Truecaller (TC) isn''t as privacy-focused as it is. It accuses TC of, among others, collecting user data without their explicit consent. 1/8https://t.co/II6rFlz7H9October 10, 2022
What is Truecaller?
Truecaller is a mobile app for Android and iOS devices that automatically filters and block untrustworthy emails to prevent spam.
Users will simply need to provide their phone number before they can begin using the service. The app will then access their contacts to establish its phonebook and improve its spam database. It even blocks malicious messages before they can reach your device.
"Truecaller is known for being a leader in caller ID and spam blocking software, as well as for research about call and SMS harassment," the tech firm says on its official website (opens in a new tab).
Truecaller, a Swedish company, is popular across the Sub-Saharan African region and India. According to The Economic Times, the latter is actually the most widespread market globally, boasting now more than 190 million daily active users.
This is not surprising, as India is among the countries with the most spam messages.
It''s more remarkable, perhaps, that the company moved its operations and data servers in India in 2018 and, according to Viceroy, there are a few shady reasons behind this business transformation.
From security breaches to invasive data collection, these are all allegations.
Viceroy Research discusses the benefits of the popular call-blocking app in the Truecallers True Colors report (opens in a new tab).
Users who install Truecaller on their smartphone are required to access their list of contacts to feed its own phonebook. This means that people''s phone numbers will end up on its database simply because they''re saved on a device that uses such a tool, without them agreeing to it.
This type of invasive data collecting techniques might be permitted, but it isn''t really. Google''s Privacy Policy and the EU/UK GDPR are both against, according to a data protection law.
So, how is Truecaller instandable to perform its operations in such a way?
For example, the company has been reported to have made arrangements with Android phone manufacturers to pre-install its app on new devices. Plus, it does not have to comply with these regulations if people sign-in from their browser.
In 2018, Truecaller moved all its data centers to India. And guess what happened that year, according to Viceroy''s researchers: "Truecaller is still subject to GDPR regulations, and these laws apply to all Truecaller users."
Viceroy accused the Swedish company of violating taxes in India, a country where its sales increased by 133% between January and June this year. Truecaller also found guilty of spamming their users with invasive ads and web tracking systems. Researchers are particularly concerned about how the software indiscriminately collects such sensitive information about minors.
Viceroy isn''t the first to investigate Truecaller''s alleged privacy violations and security breaches. What''s even worse, however, is that Viceroy is not the first to investigate. Here are a few examples.
In 2013, a study on how a group of Syrian hackers (the Syrian Electronic Army) was able to exploit the app database (opens in a new tab) was undertaken. Its security model has been designed.
In 2017, the Article 29 Working Group, a time-aid European data protection advisory committee, spoke about TrueCallers'' compliance with data protection laws.
In 2019, there were then a few reports illustrating how the data of many Truecaller users - most Indians - had been exposed on the dark web. Privacy International outlined the dangers of ending up on the Truecaller database (opens in a new tab) for journalists and other users who are critical of privacy.
Privacy experts advised the company take action to correct its privacy concerns at the time. "TrueCaller accepted our response, but did not demonstrate an interest in following those steps."
The Caravan, an Indian investigative publication, looked at (opens in a new tab) how Truecaller''s enhanced search makes users automatically share all of their contacts details, such as names, numbers, and email addresses.
Former Truecaller employees told The Caravan that the app may access user SMS messages to improve their financial profile. "This ability...would allow the app to send loan offers to individuals when their bank balance is below a certain limit," said the app''s former CEO.
Truecaller responds
Truecaller promptly responded to such requests, disguising that any privacy violation occurred.
Specifically, the company responded to The Caravan''s investigation (opens in a new tab) claiming that: "Truecaller is not interested in acquiring or collecting financial information of its users."
It claimed that the Caravan''s Enhanced Search complaint was factually incorrect. However, Viceroy Research found the feature in India until September 28.
During the same time, Truecaller criticised Viceroy''s misconduct allegations as false (opens in a new tab).
What''s certain now is that many questions remain over Falcaller''s business model. Moreover, the Swedish business will soon need to align its data collection practices with new regulations if it fails to respond in court for failing to do so.