Security

Robocall Blocking Apps Sent Private Data Without User Permission

PIxabay

There’s currently bills and laws being proposed that aim to stop robocalls from happening and give companies and the users more power over the calls they receive but progress is slow and the robocalls have done nothing in the past few years but get worse. 

While in the past they might have been somewhat milder, in more recent years they not only spoof their numbers to look like it’s a local number calling but also threaten the unfortunate soul who picks up to pay fictitious fines to the IRS and other similar scams. 

Some users in the U.S report being called as many as a dozen times a day so a good number of them choose to install robocall-blocking apps that promise to keeps these pesky callers at bay. However, even these apps might not be as safe as they seem at first glance. 

Dan Hastings, a senior security consultant at cybersecurity firm NCC Group told TechCrunch that the robocall blocking apps, even popular ones like TrapCall and Hiya, start getting your data as soon as you open them. 

According to Hastings, the apps feed all your data to data analytics companies in order to monetize it. Of course, they don’t ask for your permission to do that and don’t mention it anywhere within the app or in their privacy policy. 

Truecaller and Hiya for example are even faster at nabbing data: before the user even accepts the privacy policies, the apps are already uploading data about the smartphone they have and the software version. 

Without having a technical background, most end users aren’t able to evaluate what data is actually being collected and sent to third parties,” Hastings said. “Privacy policies are the only way that a non-technical user can evaluate what data is collected about them while using an app.

Of course, all of these things come in direct violation with the Apple guidelines on data use and sharing and it was only after Hastings contacted the company that one app, TrapCaller, updated its privacy policy. 

Privacy policies are great, but apps need to get better about abiding by them,” Hastings added. “If most people took the time to read and try to understand privacy policies for all the apps they use (and are able to understand them!), they might be surprised to see how much these apps collect. Until that day, end-users will have to rely on security researchers performing manual deep dives into how apps handle their private information in practice.”

After this information came to light, Truecaller said it has submitted a fix for the issue while Hiya said that, while it does send device data to third-party apps, it does not collect any personal information and is working on strengthening the app’s privacy. 

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

To Top