Most of us still have a telephone diary at home. Even in this age of smart-phones, tablets and ultra-books, the humble telephone diary remains a steadfast backup of contacts and business cards. Now imagine a scenario. You go to a convenience store. The clerk at the checkout has a simple proposition – you let him have all the information in your telephone diary and he will give you a discount!
How many of you will take him up on that offer? I asked my mother and she told me to shut up and pay him full in cash. She is a technophobe. She can use the TV remote and make calls from the cellphone. That’s about it. So why is it that apps like Truecaller have between 1 to 5 million Android users?
Exploiting a user’s contacts list is an old tactic. All social networks and email hosts have a module where they ask you for your email account details (“We never store the password! Honest!”) and siphon off your contacts. These are then stored, analyzed and warehoused for further use. Mobile apps make it even more easier. The mobile OS provides a convenient API to get access to contact details. The intent to read contacts is mentioned in the application’s app store page. No one ever reads that page. Once you install the app and give it a data connection, it siphons off your contacts list. It doesn’t matter if you remove the app later on.
When I know a person enough that I have his contact details with me, I do not give up that information willy-nilly. It is sacrosanct and I expect that he will not give up my contact details to a third party either. Would you give up a friend’s contact details to get a free lunch at a restaurant?
This is the complaint that I have against applications like WhatsApp and Viber. It is fine if the person who is installing the app wants to sign up for WhatsApp. But it has no business siphoning off his entire contacts list in the name of “finding out which of your friends are already on WhatsApp!”
Truecaller is an even more brazen violation of trust and privacy. Truecaller mentions straightaway that it is maintaining a directory of contacts. How does it work?
Let’s say Tom and Dick are friends with a presence in each others’ contacts list. Dick installs Truecaller, which siphons off his contacts. For some purpose Tom happened to call Harry, and Harry has Truecaller installed. Truecaller will intercept the call, extract the incoming number and match it against its own directory. Viola! Its Tom calling!
Does Truecaller have Tom’s permission to list his number? What other things is it going to do with its directory? What are the security protocols in place to protect all that information? What is the protocol for when government agencies ask for information and logs? Will it notify users about such requests?
Are the users made aware of these issues when they install Truecaller?
There is no free lunch in life. Nor online.
- Swedish Startup TrueCaller Global Directory App For Anyone In The World (nibletz.com)
- [Android] TrueCaller will identify unknown numbers (i.e. Caller ID) (dottech.org)