Mobile Security

Popular call blocking apps expose 3 billion users' phone numbers

Deborah Salmi, 25 November 2016

The mobile phone numbers of politicians, celebrities, and billions of others are available on public databases from popular Caller ID and blocking apps.

Truecaller, CM Security, and Sync.ME, three popular caller blocking and ID apps used by millions of customers, have just been outed for storing the contact details of three billion people in publicly searchable databases. According to Digital Journal, research published earlier this week by Factwire, a group of investigative journalists in Hong Kong, said that the mobile phone numbers of politicians, celebrities, and billions of other people, can be found via searches on the app publisher’s websites.

It is likely that millions of numbers stored within the database are there without their owners’ knowledge or permission. The BBC reports that former Prime Minister David Cameron and Labour party leader Jeremy Corbyn are among those listed.

The popularity of call-blocking apps have grown in recent years because mobile users are tired of being interrupted by scam calls and telemarketers. In fact, we reported that Avast customers received 4.3 million calls from 170,000 telemarketers in the last 30 days.

The Factwire report explained that in addition to the blocked spam calls, these apps let customers use the Reverse Look-up feature within the apps to find the name of the unknown number.

When a telephone number is entered in each app, the app will search the billions of identified numbers in its database to trace the name of the number holder. Each app displays the name even when the holder is not a registered user and has not authorized the app to make his or her personal information available for search.

The database was so large because the apps ask users to upload their contact lists to the database when they install the app. That means not only were the app users risking their own privacy, but they unknowingly put all the contacts in their address book at risk too.

"Getting rid of unwanted calls doesn't mean you need to sacrify the privacy of your closest friends, family, or business partners," said Avast Call Blocker senior product manager Juraj Chrappa. "My contact list is sacred. It has names and numbers for my wife and my kids. I don't want them to be uploaded to some spooky database. This is why we built Avast Call Blocker with automatic spam call blocking. It never touches private information but rather uses advanced machine learning technology on top of public and anonymous data crowdsourced by our vast community." Avast Call Blocker, an app for iOS users was released this week in the USA and Canada. Call Blocker block calls without collecting personal information and or accessing your address book.

INSTALL APP

At this time, information privacy and data protection commissions, including the UK's Information Commissioner and Hong Kong's Privacy Commissioner for Personal Data, are investigating possible malpractice by the apps.

Photo: FactWire