The true colours of Truecaller in India: app accused of being negligent about data privacy · Global Voices
Rezwan

Truecaller app. Image via Flickr by Tua Ulamac. CC BY-NC-SA 2.0.
India has over 750 million smartphone users and, if you had watched the popular Netflix show Jamtara: Sabka Number Ayega, you would know that scammers and spammers plague mostly new users. In 2021, the country ranked number four on the list of top countries affected by spam calls, with over 90 percent of all spam calls being telemarketing calls. Apart from telemarketing, scammers target unsuspecting victims for fraud luring them with alleged lottery wins and promotions, and enticing them to reveal sensitive personal information including account/card numbers, passwords, and one-time passwords (OTPs), which can lead to a huge loss of money from banks, cards and digital mobile wallets.
The Telephone Regulatory Authority of India (TRAI), had rolled out a Do-Not-Disturb (DND) app where you can enroll your mobile number to prevent these unsolicited calls. However, people still get those spam calls. One of the third-party apps that have become popular in India in the past few years is TrueCaller, which provides a caller identification service aimed at detecting spam. The Swedish Android and iOS smartphone app has features like caller identification tags, call-blocking, and flash-messaging, and is easy to use. However, according to research published by the international financial research organisation Viceroy Research, the app is plagued with constant breaches and data security failures and the company is avoiding regulations and taxes in India.
Digital rights organisation Internet Freedom Foundation tweeted:
Truecaller’s true colours revealed?
A report by @viceroyresearch alleges that @Truecaller (“TC”) isn’t as “privacy-focused” as it claims to be. It accuses TC of, among other things, collecting user data without obtaining their explicit consent. 1/8https://t.co/II6rFlz7H9
— Internet Freedom Foundation (IFF) (@internetfreedom) October 10, 2022
The privacy implications for people who end up in TC’s database was highlighted by @privacyint back in 2019. The case study also revealed that TC places liability on the non-user, by offering them the option to “unlist” themselves from the database. 3/8https://t.co/tsBF33cJti
— Internet Freedom Foundation (IFF) (@internetfreedom) October 10, 2022
TrueCaller was developed and founded by Alan Mamedi and Nami Zarringhalam in 2009, and is headquartered in Stockholm, Sweden. In 2015, TrueCaller launched a new feature called TrueMessenger exclusively targeting its 150-million strong user base in India that enabled users to identify the sender of SMS messages. This feature was added to the global app in 2017.
By 2022, TrueCaller had increased its user base to over 320 million, growing in populous countries like India, Bangladesh, Indonesia and Malaysia. Although the company is listed on the Nasdaq Stockholm Exchange, over 72 percent of its revenue comes from India.
The app crowdsources contact details from the users who installed the app on their phones. During installation, TrueCaller seeks permission to access their phonebook and the user is included in a part of a database. They cannot just scrape a user's contacts and upload them to their database as both Google and Apple do not allow developers to upload address books to their own servers. However, reportedly they can search and access these contacts from devices with Truecaller installed by connecting with services such as the dialer, and messaging, and display them in real-time. So a person's name may be on the list even if they have not installed the app if another TrueCaller user has saved the name and phone number as a contact. As per the Viceroy Research report, reverse search by name is possible if the user has installed TrueCaller, although the company denies it. And there  are claims that it bypasses the Google Play Store and Apple App Store policies if users register for premium services on web browsers.
According to TrueCaller, users can save a number assigning a name if TrueCaller isn’t able to identify it, which the app then uses to further build their database. However, there are location and other permissions that raise many questions.
TrueCaller has refuted all these allegations in a press release. The company also claims to be fully compliant with the Indian regulations including the data protection laws, which India lacks.
In March 2022, The Caravan Magazine published an article claiming that TrueCaller is exploiting India's inadequate privacy laws. The article also claims that the app may be building a complete financial profile of its registered users, without their proper consent as it can also access SMSes that contain sensitive information such as bank account numbers and OTPs.
In 2019, Privacy International flagged that using this app can have disastrous consequences for activists and investigative journalists.
Twitter user Shah tweeted:
Uninstalling #truecaller. Is there any alternative app? Every 3-4 days they send update, if u dont update then it will not show truecaller name. Now they have started showing ads. It is very annoying app. #ios #android #windows #appstore #PlayStore pic.twitter.com/wXooXPlNAq
— Shah (@ShahsComplaints) October 14, 2022
Another user The Hawk Eye tweeted:
People went crazy over Arougya Setu & HarGharTiranga campaign and yet the Truecaller app is that brazen data privacy breach, that no one talks about. Even without installing the app (or forced consent), your private data is out & could be easily misused. This thread 🧵 https://t.co/Xx3ptlgMZr
— The Hawk Eye (@thehawkeyex) October 7, 2022
TrueCaller is still popular with users where spam is on the rise. Entrepreneur Varun Krishnan tweeted:
This is why @Truecaller is a must have App. R.I.P Spammers! pic.twitter.com/SgwP6MdxHA
— Varun Krishnan (@varunkrish) October 14, 2022
User Rohit Pandey tweeted:
In India, people protect each other from spam callers using Truecaller. Love the simplicity and directness of nametags people put on spammers :)@Truecaller is the second best thing that happened to our phones, right after WhatsApp. pic.twitter.com/GnWtPPgI0V
— Rohit Pandey (@pandeyrohit) October 13, 2022
The company has launched a new campaign in India to create a safe space in the world of online communication. But is using it worth all the risks?
Adham El Banhawy, an IT expert comments:
I hope I made it clear why the benefits of Truecaller do NOT outweigh its cost. Some consequences of using their service may literally put lives in danger or put individuals at disadvantage.
The Telecom Regulatory Authority of India (TRAI) is planning to introduce a caller ID system that will show the real registered name of callers in addition to their numbers, which can make apps like TrueCaller redundant.