Truecaller is one of my most favorite apps, and with over 100 million installs so far according to Play Store. It is a favorite Android app among millions of users around the world. This app serves as caller ID even when you are getting international calls and gives you the ability to spam certain contacts you would rather not have calling and texting your number.
However, there is an alarming report by Cheetah Mobile Security Research Lab. The report says Truecaller has a security flaw that leaves your personal information unsecured to would-be hackers. In parts the report reads:
“This vulnerability allows anyone to steal Truecaller users’ sensitive information, potentially opening doors for attackers. Overall, more than 100 million Android users who have downloaded this app on their smartphones are in danger.”
Apparently, when you install the app on your Android smartphone, verification is usually done by way of a phone call or a text message being sent to your number. Once a user passes the verification process successfully, Truecaller capture the user’s identity and details alongside their device’s IMEI.
The security experts from Cheetah Mobile Security Research Lab. say that the service is using users’ IMEI as the sole label to identify users. The security risk in this act is that virtually anyone with IMEI information can query Truecaller’s server remotely and gain access to other personal information on the users.
Meaning would-be hackers can not only view your personal data, but also edit your information for their selfish gains. The researchers have so far notified Truecaller about this vulnerability and Truecaller has addressed it in the app’s updated released March 22.
To be on the safe side, ensure your Truecaller is updated. Especially if you are the type of users who’s Google Play Store cannot automatically update apps as new updates are being rolled out. This vulnerability has so far only been identified on the Android app while the iOS and Windows app remains unclear.