Truecaller is a company that has made billions of dollars over the years by providing information about unknown numbers. It is a Sweden-based company founded in 2009 that provides caller-identification and call blocking services to mobile phone users all over the world.
The app was found by a team of three friends in 2009. They came up with the idea when they were frustrated by not being able to find each other on the phone after a night out. Cut to the present: Truecaller is now valued at $1 billion, and it has more than 100 million users worldwide.
The app claims to provide the world’s fastest caller identification on Android, iPhone, Blackberry, and Symbian mobile phones, which allows users to block unwanted telemarketers and spam from calling them again. But how does any of this work?
Understanding the working of Truecaller
When you download the Truecaller app, it asks you to grant various permissions in order for the app to function correctly. These permissions, when granted, can access your call logs, contact information, messages, etc. As a result, Truecaller has access to all of the data on your phone, whether it is your personal information or the information of your contacts. On the surface, they do this to let you know about spam calls and unknown numbers, but there is certainly more to this than that.
You see, when someone, anyone who has your contact details, agrees to the terms and conditions and grants all the necessary permissions, you also become part of Truecaller’s humongous database of 570 crore phone numbers. This means that even after you willingly did not agree to any of the company’s policies and never even installed or registered on the application, you are still in their records against your own free will. With more than 30 million monthly users, it is basically impossible for any of us to be off of Truecaller’s radar.
The GDPR, also known as the General Data Protection Regulation, is a piece of legislation that aims to harmonise data protection laws across the European Union, including France, Germany, Greece, the Netherlands, Portugal, Spain, and Sweden. Truecaller, being a Swedish company, had to abide by the GDPR. Under the GDPR, a company can not legally process any person’s personal information without meeting at least one of the following six conditions:
- The express consent of the data subject
- Processing is absolutely necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
- Processing is necessary to comply with a legal obligation.
- Processing is necessary to protect the vital interests of a data subject or another person.
- The data processing is necessary to perform a task being carried out in the public interest or in the exercise of official authority vested in the controller.
- Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject.
With GDPR and the EU destroying the very workings of Truecaller, they very conveniently sifted their data servers outside of Europe. Where, you ask? To India. Why? Because it is not a European country and hence does not have to comply with the GDPR. Due to heavy taxation on Indian companies, Truecaller still remains a Swedish company “making in India”. Truecaller’s issue has been resolved. But what about the privacy of the Indian public? Over half of the companies’ monthly users come from India alone, so it must be their priority to keep our data safe, right? Unfortunately, it turns out that they can sell your data to anyone willing to pay.
Truecaller is a popular app that can be used to identify unknown callers. It has been hacked on more than one occasion and continues to sell highly sensitive user data.
While talking about safety itself, the Truecaller servers have been hacked before, resulting in leaked user data, system, and location information. The company has confirmed that the breach happened on July 14th, 2018, when attackers were able to access the company’s servers and steal sensitive data.
When Truecaller was hacked, over 1 million user records were compromised and leaked online, including names, email addresses, phone numbers, gender information, and also photos of users’ ID cards or passports. This data breach raised concerns about the safety of user data, with many people wondering if Truecaller was really safe to use anymore. And why should we be concerned about a foreign company making money by blatantly selling and leaking such valuable and sensitive information? For all we know, the government itself could be watching over us in this very instance in the name of “security” and “privacy”.