WHAT EXACTLY DOES TRUECALLER DO WITH YOUR DATA? A DEVELOPER’S DEEP DIVE
As online privacy concerns increase, when signing up for Internet services or installing mobile apps, assurances of the protection of a prospective user’s data are given. But what really happens when you click that “sign up” button is anyone’s guess.
Two months ago, the National Information Technology Development Agency (NITDA) opened an investigation into caller ID app, Truecaller, over possible privacy issues. It was observed that the app’s privacy policies for the European Union (EU) countries were relatively secure and distinctively different from what obtained for non-EU countries.
Apparently, some of the permissions and variety of data demanded of non-EU users by the call app are absent for Truecaller users in the EU; this is attributed to the enactment of the General Data Protection Regulation (GDPR).
A month later, while coming to terms with the details of NITDA’s investigation, a Truecaller user lodged a complaint stating that promotional messages had been sent to his contacts without his consent, losing him potentially huge business opportunities. In both instances, Truecaller firmly asserted that it takes privacy issues seriously and that the app would never send promotional messages on its own.
What happens when you sign up for Truecaller?
International mobile subscriber identity (IMSI) — normally sent from your mobile device to your service provider any time you put your SIM card in a phone. Angry Wizard also hints that a user’s full info is then uploaded to a third-party domain belonging to a company called CleverTap — a mobile marketing company located in Mountain View, California — that enables marketers to identify, engage, and retain user info in an automated process.
The two most popular methods of uploading data from a user’s computer to a website’s server are the GET and POST method. The GET method is unsafe for transferring sensitive and confidential information like a user’s data, as anyone who knows what to look for can easily gain access. Hence, the POST method is always preferred. Consequently, the developer points out, all your info can be accessed publicly by anyone with the technical know-how.