True Caller lost your details to hackers

[Jayjit Biswas]

Security Affairs - Read, think, share … Security is everyone's responsibilitySecurity Affairs
Yes your Google Play Store version dated 12.2.2016 which is not patched.

Posted via the Android Central App

 

[Aquila]

Was there a breach? The article doesn't say that, just that there was the potential for one before it was patched early last week. Does anyone use TrueCaller? I had to use Google to find out what it is. Also, it is important to remember that literally nothing Cheetah says, ever, can be taken at face value without independent corroboration.

 

[anon(5719825)]

Says it leaves 100 million users vulnerable? I can't imagine that there are 100 million people using that app.

 

[brava27]

Damn paranoid threads

 

[cbreze]

Tried that app the other day then dumped it when it wouldn't do what I needed. Wonder if they got my contact info, or worse. Extreme call blocker is much better.

 

[Jerry Hildenbrand]

I can't find the original source for that article, but what I'm reading from the link above:

True Caller uses IMEI as an ID.
Someone can get the IMEI, which gives them access to your personal information.

That's not how things work. The only information you can gather from having a users IMEI is a SIM IMSI number — if you have access to the telco/regulatory database with that info. With a SIM IMSI, you can get a MSISDN, but only if you have access to the carrier database. IF you have that access, you can use a MSISDN to get the name and billing address for a customer, but only if you have access to yet another carrier database.

If you're law enforcement, you can ask for access with a warrant. If you're not, you would need to crack three different databases to get the billing address of the user.

While this is technically possible, I wouldn't lose one second of sleep over it

 

[Aquila]

Absolutely nothing from cheetah mobile can be cited without independent corroboration. Thou shalt not FUD.

 

[Rumblee1]

According to Google play store, a hundred million downloads are correct.

Posted via Android Central App

 

[Gator352]

According to Google play store, a hundred million downloads are correct.

Posted via Android Central App

But how many of those are re-downloads? I would say 40%...or more.

 

[meyerweb#CB]

The 100 million number isn't just people who downloaded the app. Truecaller builds it's database of numbers and associated names by scanning the address books of phones on which it is installed. So if you download it, and have 200 people with phone numbers in contacts, you just made 201 phone numbers / names available to TrueCaller.

 

[Aquila]

So... was there an attack? Because I haven't found a single source that cites anything but a 2013 attack in which approx. 600 GB worth of data was obtained and given to the Syrian something or other. So this is yet again another either non-existent threat that was already patched or extremely minor threat that applied to approximately 0 users. Getting really sick of these articles. They're all crying wolf on things that have circumstances that are almost non-existent in the wild or never existed as a real threat at all. Where is the journalistic integrity? "100s of millions of users" is totally nonsense. A better title may have been, "TrueCaller patches imaginary security threat prior to anyone being harmed and thus there is no story here, good day sir". Or something like that.

 

[Kamran Mamedi]

Hi all,

Truecaller is available on many platforms and some of them, the user has the opportunity to share their phonebook by activating "Enhanced search" and we say clearly that contacts will be shared publicly.
Important information is that NO one can search a name and get the phone number without Your approval. And we NEVER share any content publicly if you download the app from Google Play or from Appstore(iPhone), (Google Play descriptions).

Thanks for reading and let me know if you have any additional questions or concerns.

Kamran from Truecaller