Truecaller is under fire again after reports of a potential privacy breach involving the information of over 7 million Nigerian users.
The Swedish caller ID application is now facing an investigation from the Nigerian IT regulatory body, the National Information Technology Agency (NITDA), following several complaints alleging a potential breach of users' privacy rights.
The agency released a statement on Sept 23 urging users to delist from the application and refrain from using it.
The initial findings of the investigation are that Truecaller is not in compliance with global laws on data protection and also fails to comply with the country's Nigeria Data Protection Regulations (NDPR).
According to the statement, Truecaller reroutes all customer data through Truecaller India, and its privacy policy agreement violates user data privacy regulations.
For instance, Article 1.1 of the privacy policy reads: “Truecaller may supplement the information provided by you with information from third parties and add it to the information provided by you.”
There is no well-defined way of knowing how Truecaller is sharing the data with third parties and updating it without specific consent, which poses a serious security risk.
Further, Article 1.2 of the same policy reads: “When you install and use the services, Truecaller will collect personal information from you and any devices You may use in Your interaction with our Services.” The data collected by the company, as mentioned in the privacy agreement, includes:
Applications installed on users' devices; ID for advertising; SIM card usage; and metadata of outgoing/incoming calls and messages. The company was even tracking the kind of internet content consumed by users.
Things get worse in the third article, which clearly states that “Truecaller may also share personal information with third-party advertisers, agencies and networks”. It will also have access to user information about the ads they see and engage with.
The Director-General of NITDA, Kashifu Inuwa, was quoted as saying: “The implications of these (leaks) are far-reaching and the provisions of the privacy policy can be exploited to put many citizens in unsavoury conditions.”
This is not the first data security breach for Truecaller this year. It faced flak in August for automatically registering its users on the UPI platform without consent.
Taking cognisance of the matter, the National Payments Corporation of India (NPCI) barred the company from adding new users on its UPI platform.
Responding to our report, Truecaller has issued a clarification. The company said that its application works on a permission-based approach and asks users to give permission for location, camera and microphone.
But the statement stayed mum on the glaring issues highlighted by NITDA in Truecaller's privacy policy. The company has claimed that it is in the process of reviewing the comments made by NITDA and will give more information very soon.
Post updated after a response from Truecaller.