TrueCaller - The Magical App - Or is it.. ?

I have heard a lot of people mention about this wonderful app on their smartphones, which displays the name of the person calling, even if you do not have it on your contact list. Interestingly enough, last week I heard "an IT geek" at one of the local radio stations suggesting listeners to install this cool app on their smartphones. He went ahead and explained that the app gets the database from the GSM service providers. Well this is what most of the innocent users of this app believe !! 

No GSM service provider will ever publish a directory of all its subscribers or give access to any one else to tap into their subscriber database. Then how does true caller do what it claims to do with almost 100 % accuracy - show you the name of the person calling, magically ?

The magic starts immediately after the app is downloaded to your smartphone and you recite the wedding vows.

"I take you to be my lawfully installed application, my trusted magical wizard from this day forward. In the presence of the internet, android and iOS, I offer all my contact details with their names, location and numbers to you so that you can share it with the rest of the world. I promise to allow you to synchronize my phone book with your servers as long as I have you installed on my smartphone."

This is what you accept the app to do when you agree to the prompts after the install :-

1. Modify Your Contacts
2. Read Your Contacts
3. Read Call Log
4. Write Call Log

The app uploads a copy of your entire phone book to its servers. This is what it has done with the phone book of its 20 million users. So what they have on their servers is an aggregated phone book database of millions of mobile numbers which are constantly updated with the new contacts that each of its subscribers add to their phone books. 

So when a caller who is not on your contact list calls you, the app looks up its database and shows the the name under which other people have listed it. It picks up the most relevant name based on the occurrence in its database. So the pretty girl next door might be listed as " My Honey Bun'  on someone's contact list, 'My Ex-2013' on someone else's and Ms. First Name, Last Name on your few of her colleagues phone book. So if she were to call your mobile it might most likely show you the Ms. First Name, Last Name (maximum occurrence). However if she called you from a number which she has only shared with her boy friend (current n ex), the app might list the caller as 'My Honey Bun' !!

As if the phone book data was not enough, TrueCaller has integration with Facebook, Twitter, Watsapp etc, giving them access to the contacts details of your friends on these social platforms as well. 

As the app has access to your call log, it is also able to analyse your call patterns, monthly spend, frequently called friends/associates etc. This information is worth millions, to a lot of commercial establishments who would be able to create and target, effective marketing campaigns based on this data. 

Last year TrueCaller was hacked and the database compromised. The hackers managed to download multiple databases from the TrueCaller website. These databases had contact information about millions of phone users including private numbers of a lot of politically and socially important personalities. 

The intention of this post is to educate the readers about how the application works and inform them about the potential security risk of having this app installed on their phone. I am sure each one of us have a different perspective about security. However one should realize that  by synchronizing your contact list you are exposing the privacy of your friends and family members. If your contact list has details of  people who are socially or politically important, VIP's etc. you might be compromising their security by installing this application on your phone.