• Home
  • Apps
  • Apps News
  • Truecaller Fixes Flaw in Android App That Exposed Data of Millions of Users

Truecaller Fixes Flaw in Android App That Exposed Data of Millions of Users

Truecaller Fixes Flaw in Android App That Exposed Data of Millions of Users

Truecaller says it has fixed a flaw in its Android app which potentially allowed attacker to retrieve personal information of users and change these details without a user's consent. Security researchers at Cheetah Mobile Security Research Lab detailed this vulnerability.

The flaw only existed in Truecaller's Android client, and according to the company, it has been resolved with an update. To recall, Truecaller in November last year said it had 200 million users across its Android, iOS, and Windows Phone apps.

Truecaller on Monday announced the availability of an update to its Android app that fixes the security flaw. Researchers at Cheetah Mobile firm reported on Monday that Truecaller utilises IMEI number to identify a person. In a proof-of-concept code the firm shared with Softpedia, researchers were able to retrieve the personal details of users by "interacting with the app's servers." The security firm added that up to 100 million users of the Android app are affected.

"This vulnerability allows anyone to steal Truecaller users' sensitive information, potentially opening doors for attackers. Overall, more than 100 Million Android users who have downloaded this app on their smartphones are in danger," security researchers wrote in a blog post. "By exploiting this flaw, the attackers can: Steal personal information like account name, gender, e-mail, profile pic, home address, etc, and modify a user's application settings."

(Also see: How to Remove Your Number From Truecaller)

Truecaller has acknowledged the bug. In a blog post, the company, whose app helps users find information about the caller and block telemarketers, wrote, "We recently found an issue where some user defined information can be retrieved or changed without the original user's consent, if a third person knows the IMEI number of the original person's device. "

At this point, it's likely that there is no exploit in the wild. To ensure you're secure however, ensure you have updated Truecaller to the latest available version.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

The resident bot. If you email me, a human will respond. More
MIT India Conference to Build on 'Startup India' Initiative
Google Photos Now Replaces Original Images to Save Space on Device

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com