Flaw in Truecaller App Leaves Users at Risk


The Truecaller app allows users to block unwanted calls and text messages, and shows who is calling even if the number isn't in your phone book. It also has a feature that lets you search phone numbers and see who a number belongs to. It sounds like a very handy app, and apparently I'm not the only one who thinks so. The app shows over 100 million downloads in the Google Play Store.

Not all is good with Truecaller, though. Researchers from the Cheetah Mobile Security Research Lab discovered an issue with the app that puts those 100 million users at risk of, among other things, having their identifying information stolen. The only identifier Truecaller uses for its users is the IMEI of the device the app is running on. That means that anyone who obtains the IMEI of a Truecaller user would have complete access to that user's account.

Once access to the account has been gained, hackers can see the user's account name, gender, email address, profile picture and home address. They can also change the application settings, including disabling spam blockers and adding to or deleting from the user's blacklist. I use the term hacker loosely, as it's not so much a hack as simply easy access to an account.
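To make the design problem concrete, here is an added example (not Truecaller's code, and not the fix Truecaller shipped, which the report does not describe) contrasting a lookup where the device identifier alone authorizes access with one that also requires a server-issued secret. The `AccountStore` class, its method names and the sample identifier are all hypothetical; a real service would issue the token only after verifying the user, which is assumed here.

```python
import hashlib
import hmac
import secrets

# Constructed sample value: an obviously fake device identifier.
SAMPLE_IMEI = "000000000000000"


class AccountStore:
    """Toy in-memory account service (hypothetical, for illustration only)."""

    def __init__(self):
        self._profiles = {}      # device_id -> profile dict
        self._token_hashes = {}  # device_id -> SHA-256 digest of session token

    def register(self, device_id, profile):
        """Create an account and return a random session token, shown once.

        Assumption: the caller has already been verified by some other means.
        """
        self._profiles[device_id] = dict(profile)
        token = secrets.token_urlsafe(32)
        # Store only a hash, so a leaked table does not leak usable tokens.
        self._token_hashes[device_id] = hashlib.sha256(token.encode()).digest()
        return token

    def get_profile_weak(self, device_id):
        """Weak pattern: the identifier both selects and authorizes."""
        return self._profiles.get(device_id)

    def get_profile_hardened(self, device_id, token):
        """Hardened: the identifier selects the account, the secret authorizes."""
        expected = self._token_hashes.get(device_id)
        if expected is None or not isinstance(token, str):
            return None
        presented = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(presented, expected):
            return None
        return self._profiles[device_id]


def demo():
    """Return (weak result, hardened without token, hardened with token)."""
    store = AccountStore()
    token = store.register(SAMPLE_IMEI, {"name": "Test User"})
    return (
        store.get_profile_weak(SAMPLE_IMEI),
        store.get_profile_hardened(SAMPLE_IMEI, "not-the-token"),
        store.get_profile_hardened(SAMPLE_IMEI, token),
    )
```

A device identifier such as an IMEI is not a secret, so it can serve as a lookup key but not as a credential.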

Cheetah notified Truecaller of the issue, and Truecaller states that they have corrected it with an update as of March 22nd. However, if you look at Truecaller on the Google Play Store, the app is sitting at version 6.60, dated February 12, 2016. If you're using Truecaller, it may be a good idea to remove your account and delete the app until an update is available.

Source: Cheetah


Founder & Owner of UTB Blogs. Former BlackBerry Elite. When I'm not talking or writing about BlackBerry, you'll find me using my BlackBerry.