With over 100 million installs according to the information available at the Play Store, Truecaller is undeniably one of the most popular Android applications. The app indexes phone numbers based on users contacts list and displays caller ID even when a contact isn’t stored locally on the phone. Truecaller also lets you classify numbers as spam and it’s quite useful in fighting harassment.
However, a recent report by Cheetah Mobile Security Research Lab shows that Truecaller Android app has a vulnerability that leaves data of its millions of users exposed. According to the report:
The first time a user installs Truecaller, verification is done via a phone call or a text message. The user identity and details is then tied to the device’s IMEI. The researchers found out that Truecaller uses IMEI as the sole identity label for its users and anyone with the IMEI information can remotely query Truecaller’s server to reveal other personal information.
This lets a potential attacker not only view personal information about the user, but these details can be modified. The researchers have notified Truecaller about this and an update to the Android app was released on March 22. However, a lot of users are still exposed since not many people regularly update their installed applications.
It is unclear yet if this vulnerability exists in the app on other platforms like iOS and Windows.
No comments:
Post a Comment