wordpress blog stats
Connect with us

Hi, what are you looking for?

Issues The TrueCaller Hacking Raises About Apps & Their Makers

Yesterday, Sweden-based global phone directory service TrueCaller‘s database was hacked by Syrian Electronic Army hackers compromising on millions of phone book records available in their database.

I can understand the need for something like TrueCaller: it makes it easy for me to identify who is calling, and this is useful if you get a lot of cold-calls. I also recently lost a large number of contacts in a phone-change-mishap, and it is embarrassing if someone I know well calls and I don’t know who it is: at an interpersonal level, not having an acquaintances number on your phone is as awkward as turning down a friend request on Facebook: it’s half an insult, and maybe this is a situation that Indian’s are very conscious of, because Truecaller’s largest user base was Indian. As on June 2012, 1.6 million of around 3.2 million of its users in June 2012 were Indian, and now that it has around 20 million users, one can imagine that a substantive number of Indians would be using the service, and tens of millions of users are a part of its database. What is also quite worrying is that Truecaller had access codes to Facebook, Twitter, Gmail, and LinkedIn accounts of its users, data that was pulled via the mobile.

Truecaller’s hacking raises some questions about the apps ecosystem and user behavior:

What Apps Access: While it appears that only access codes for social networks were stored within Truecaller, it does make me conscious about the kind of information we are often forced to allow apps access to when we are downloading them. Typically, at least on the Android ecosystem, an app takes permissions for access to all kinds of information about users: the state of the phone, contacts, call logs, positioning, phone ID, among other things. As an example, I see no reason why the GMail application should have access to my call records, but it does, and you can be sure that Google collects that data.

This is what I like about the MIUI ROM: it’s an android deployment which allows me freedom to deny apps, including Path, Hangouts, Evernote etc, the access to this information.

Advertisement. Scroll to continue reading.

This exists because Android hasn’t adequately addressed these privacy issues, and both the stock android deployment and those from its OEM partners like Samsung, don’t give users enough power. I think it’s time it did that, before regulation takes over. I quite like the MIUI approach, but even this can be simplified:


– The rights that I give another user: If I’m not a Truecaller user, how is my number still with the service? It’s there because users who signed up gave TrueCaller access to their phone book while signing up, and I could have been on it. We’re not in an era where the only phone in the house was listed in a public phone directory: a phone is a personal device, and if I give my number to someone, I may be giving them the right to share that with other people they know, but I’m certainly not giving them the right to make that information public.

To it’s credit, TrueCaller allows users to de-list their number from their directory, but this is still a grey area, albeit not in India because India doesn’t have a privacy law.

– The rights that I give a private company: While we are all worried about the access to information that the government has through its CMS, and the US Government through PRISM, I think it’s important for us to note the kind of information that we give private companies access to. While we’re quite conscious about the information that Google is collecting – if you’re not, then try Google Now for a first hand experience of a tool that can both be incredibly useful and creepy at the same time – also look at what Facebook does when you install its mobile app: it asks for access to your contact book, in order to help you find your friends. Not just that, it repeatedly asks for access to the contact book. Beyond the phone book, Google has algorithms that read your mail to serve you contextual advertising, and Facebook serves you updates from friends that it thinks are more relevant to you, on the basis of your behavior on its platform. At one level, it is making things easy for you, but for their algorithms to be able to serve you better contextual information (and connect millions of data points to try and read your mind), it is collecting those millions of data points.

We often trust private companies more than we trust the government because the worst that a private company can do is try and make more money off you, and not brand you a terrorist because of a few politically incorrect email exchanges, or defame you because you download music, accessed porn or searched the name of a terrorist because you wanted to know who that person is.

We still need to be aware that all this information that private companies collect about us are ultimately accessible to the government.

Advertisement. Scroll to continue reading.

In the people versus state environment we live in, where laws won’t protect us because lawmakers will not, the least we should expect is that private companies dumb down their data collection, or give us enough, simple tools to prevent them from collecting this information.

Unfortunately, it’s not in their interest to do that.

Written By

Founder @ MediaNama. TED Fellow. Asia21 Fellow @ Asia Society. Co-founder SaveTheInternet.in and Internet Freedom Foundation. Advisory board @ CyberBRICS

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.


When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ