Truecaller is under fire again after reports of potential privacy breach into the information of over 7 million Nigerian users.
The Swedish caller ID application is now facing an investigation from Nigerian IT regulatory body National Information Technology Agency (NITDA) following several complaints alleging potential breach of privacy rights of users.
The agency released a statement on Sept 23 urging the users to delist from the application and refrain from using it.
Initial findings of the investigations have found that Truecaller is not in compliance with the global laws on data protection and also fails to comply with the country’s Nigeria Data Protection Regulations(NDPR).
There is a no well-defined way of knowing how Truecaller is sharing the data with third parties and updating it without specific consent, posing as a serious security risk.
Further, Article 1.2 of the same reads that “‘When you install and use the services, Truecaller will collect personal information from you and any devices You may use in Your interaction with our Services. The data collected by the company mentioned in the privacy agreement include :
Users’ applications installed on their devices; ID for advertising; SIM card usage; Metadata of outgoing/incoming calls and messages. The company was even tracking the kind of internet content consumed by users.
Things get worse at the third article as it clearly states that “Truecaller may also share personal information with third-party advertisers, agencies and networks”. And it will also have access to the user information about the Ads they see and engage with.
This is not the first data security breach for Truecaller this year. It had faced flaks for automatically registering its users to UPI platform without consent in August.
Taking cognisance of the matter, the National Payments Corporation Of India (NPCI) had barred the company from adding new users on its UPI platform.
Responding to our report, Truecaller has issued a clarification on the same. The company said that its application is working on a permission-based approach and it asks users to give permission for location, camera and microphone.
Post Updated after a response from Truecaller.