Crowdsourced Mobile Phonebook Truecaller is a Privacy Risk

Fascinating as it might seem, imagine getting a call from a number that you have not stored in your mobile phone book, yet your phone still tells you the identity of the caller. This is exactly what an app such as Truecaller, available for the iOS and Android platforms, does for you.

Before you jump to say hallelujah to the utility value of this app, please consider this. Your phone will identify an unknown caller only if someone else has stored her/him on their phone and shared their directory ‘only with Truecaller’. This you must understand carefully.

While installing, the app asks for your permission to share your directory ‘only with Truecaller’, which effectively means that all the contacts in your phone book, including name, phone number, physical addresses etc., get copied onto a server operated by Truecaller. From that server, they become available to other users of Truecaller. The more times it finds a contact stored under a particular name, the higher the value it assigns to emphasize that name’s trustworthiness. Of course, while installing, it gives you a chance not to share your directory with ‘only Truecaller’, but as most people do not bother to read the stuff that appears on screen in the installation flow, the default process takes its course. You also have to confirm your own identity while setting up this app on your phone.

Now picture this sequence. Someone unknown calls me. The app picks up the number from my phone, sends it to Truecaller’s server and gets me the name, in case there is a match in their server. So, in the process, Truecaller’s server even learns of your call pattern – who called you, what time, which date and so on. Marketers would love such data in aggregate, especially if segmented by geography.

The premise is that the more people share their phone books with ‘only Truecaller’, the better the data quality becomes. What’s more, you can even search for a contact by name.

In response to my Tweet raising concerns on privacy, this is what I received.

Why do I call it a privacy risk? Besides your contact number de facto emerging in the public domain, imagine an analytics engine running in the background, putting a pattern to my lifestyle, and then making that data report available to a marketer for a fee. You call a real estate agent dealing in apartments between 9 AM and 11 AM to enquire about that new apartment, and you are pleasantly surprised at the serendipity of receiving, soon after, calls from two banks offering apartment finance at competitive rates. Now imagine starting a process of negotiation with the two banks when a third one, watching who their rivals are speaking to, calls you to offer a killer deal. Sounds far-fetched? That’s privacy risk.

Frankly, I am not sure if the Truecaller app would pass the high privacy protection standards of Europe or the US. That also partly explains why it is not getting high adoption numbers in markets in the West, where people are more concerned about privacy.

So what do I recommend?

The first thing I recommend is to unlist yourself from Truecaller’s database. That can be done here.

The second piece of advice is not to use this application at all. Just erase it from your phone. However, if you still wish to have it on your phone, in the interest of other citizens, please do not allow your directory to be shared, as this app even allows contacts to be searched by name. Have a unique name? You are most likely to be accurately identified.

7 thoughts on “Crowdsourced Mobile Phonebook Truecaller is a Privacy Risk”

  1. Kim Fai Kok

    Hi Rajesh,

    I would like to clarify some points in the article. The privacy risk you are talking about, data mining. We do not keep track or analyze any of our users’ call behavior.

    Behind the app, we are people just like you. We have the same logic and the same concerns about the world. Millions of our users put their trust in us, and it is trust and integrity we have founded this company on. Acting in our user’s best interests is at the heart of our company’s DNA. Trustworthiness in our collaborative community and user confidence is vitally important to Truecaller’s continued success, growth and data quality. We will always put user integrity first and foremost. Truecaller will never compromise the security of our service to our users.

    /Kim
    Marketing Manager @ Truecaller

    1. Rajesh Kumar

      Kim, thanks for joining the discussions here. The key question here is whether a person’s name can land up in Truecaller’s database without her/his knowledge. The answer is a yes. It is also true that Truecaller allows for users to unlist their numbers. However, it remains a fact that there are many people who are not aware of the existence of Truecaller. Even within those who know about it, there may be a very significant percentage who may not be aware of the ability to unlist themselves. I tested out numbers of senior citizens in my relatives and was surprised to find their names in your database, as well as my wife’s private number that she does not share with many. This group has not heard of Truecaller, so someone else has acted irresponsibly in sharing with Truecaller and now Truecaller is irresponsibly sharing with others. If this is not a degree three privacy issue, what is?

      1. Kim Fai Kok

        Rajesh,

        Sorry for the late reply. I didn’t get any notification when you wrote your last comment.

        Truecaller users can search for phone numbers in the collaborative database. To look up a number you MUST already be in possession of the number, e.g. a missed call. If you have a missed call, a spam caller, a robot call, etc., you can look up the number in the Truecaller directory to see who is calling. So, it’s a number search – a reverse number lookup – not a name search.

        For name searches, Truecaller provides results that are relevant for each query, and puts users in control of who can see their contact details at all times. The name search works through a user’s social circle to contact the person whose number has been requested. The person being contacted MUST approve the request in order to unlock their contact details for the requester. This ensures that no contact details can be shared without prior approval of the person being contacted.

        Anyone can easily opt in or opt out of the Truecaller database anytime at http://www.truecaller.com/

        Together with our users we are creating an accurate, collaborative, global phone directory that currently doesn’t exist. Our database is dynamic and always evolving. When Truecaller users share their phone book, they help make the collaborative database better for users around the world to look up phone numbers.

        I hope this helps answer your question. Please let me know if you need any more information.

        Best Regards,
        Kim

        1. Rajesh Kumar Post author

          Thanks for accepting each one of my assertions, Kim! Bottom line: Truecaller is an Opt out thing, as opposed to Opt In. That’s the whole point.

  2. Haneef

    http://timesofindia.indiatimes.com/tech/tech-news/TrueCaller-hacked-1-million-Indians-data-at-risk/articleshow/21144470.cms

    So, hackers have our numbers!!!! What if it lists the private numbers of VIP or defence persons??? I urge people not to use Truecaller as it is completely against someone’s privacy. People who do not have Truecaller installed have their number in its database. So, now unwillingly, a person’s privacy is at high risk.

    Today’s generation is forgetting what privacy is and why it is important. TrueCaller must be Banned* all over the world. Particularly in India….

