This bug is only present in the Android App of the Truecaller, however company claims that they have fixed it. In November last year, Truecaller claimed that it is now having over 200 million users in various mobile platforms like Android, iOS and Windows. Truecaller on Monday rolled out the latest update with fix of this privacy bug. Researchers at Cheetah Mobile Firm on Monday said that Truecaller uses the IMEI number of the device in order to identify the person. The proof concept was also shared with Softpedia, in which researchers managed to fetch the personal details of the users by ‘interacting with the app’s servers.’ Softpedia further said that about 100 million users of the Android App are affected by this bug. As mentioned above, this is due to TrueCaller’s utilization of the users IMEI number in order to identify the user. Security firm stated “This vulnerability allows anyone to steal Truecaller users’ sensitive information, potentially opening doors for attackers. Overall, more than 100 Million Android users who have downloaded this app on their smartphones are in danger”. On exploiting this flaw, hackers are able to :
“Steal personal information like account name, gender, e-mail, profile pic, home address, etc. Modify a user’s application settings: Disable spam blockers Add to a black list for users Delete a user’s blacklist”
Security firm, Cheetah Mobile contacted Truecaller about this bug and later the company updated their name servers and rolled out new version with fix on Android Platform. Truecaller in a statement said that so far “no user information has been compromised” as a result of this vulnerability.
