Leak in TrueCaller app giving access to data from millions of Android users




The Android version of the popular app TrueCaller gave access to the data of its users. The app, which among other things makes it possible to identify incoming calls, it is more than one hundred million times for that platform. There has now released a patch.

The vulnerability allows an attacker according to the security researchers of Cheetah Mobile able to get through the IMEI access -number of user data such as name, gender, email address and home address. Also can change an attacker settings, such as disabling spam blocking and adjusting the blocking list. True Caller reports the attackers did not abuse the vulnerability.

The vulnerability stems from the fact that TrueCaller the IMEI number of a mobile phone deployment to identify users. Therefore, any attacker who is in possession of that number to retrieve the data. It does not describe the technique could be used for this purpose exactly. The figure of an IMEI number is possible, for example by using other malware. By TrueCaller leak can thus be a link between that number and a user.

The app’s developers have released a patch on March 22, the new version via the Play Store available. The user is therefore advised to perform an update. The researchers let Softpedia know that they are still investigating whether there is a vulnerability in the iOS version of the app.


In: A Technology & Gadgets Asked By: [22050 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »