Cliche while it may sound, data has indeed become the new oil. It is now a commodity that most digital players want to collect and store. It is not for nothing that most applications - when you download those - seek access to your data such as call logs, camera, gallery, location, wireless and cellular networks and microphone. Big players such as Facebook, Apple and Google have been in the news for the data breach.
Earlier this year, caller identity app Truecaller found itself in the controversy. There were reports that user data (names, phone numbers and email addresses) on the app was available for sale on the dark web. The company had clarified in a statement, "we had investigated this allegation and discovered that majority of the numbers there did not match our database and it seems that a few numbers were scraped from our search function and added to a pre-existing database. Of course adding the words 'Truecaller verified database' to the sales pitch would have spiked the price point for such bad actors."
It has categorised permissions into two categories - necessary permissions and optional permissions. The former includes access to the phone's call logs and to make and manage phone calls. This is required to show the live caller IDs for calls. It also needs access to contacts to use the dialer/contact app to show the caller ID for the callers whose numbers are not stored in the user's phonebook.
Truecaller is not just a caller ID anymore. It offers a host of other services including messaging service, spam blocker, record phone calls, instant payment and bank account management. For these additional services, Truecaller would seek access to optional services. For instance, for messaging-related services, Truecaller requires access to SMS or MMS to identify the sender. It also requires full network access to communicate with Truecaller servers and perform searches. Location access is required not just for sharing location through SMS/Chat or flash but also to regionalise the top spammer list. Receiving data from the internet is required to receive push notifications. Truecaller seeks access for the microphone for call recording feature or for sending audio clips. If a user uses any of the features such as attach pictures as MMS/chat or use 'Scan and Pay' feature for scanning bills or scan numbers for number lookup, Truecaller will gain access to the camera.
Under optional permissions, Truecaller asks for gaining access to modifying contacts for saving or editing contacts in the phone book. It also seeks access to the disable screen lock to prevent the device from sleeping, to show the caller ID window during incoming calls and to receive a push notification when the device has the screen locked.
Truecaller also allows users to control and protect how their personal information is displayed to others in the community. Users can edit their profiles in the app at any time or deactivate their accounts in the Privacy Centre. There is also an option to 'unlist' information from the platform.
Contrary to the popular belief that Truecaller uploads user phonebook, the company has clarified that users have the option to share their phonebook by registering for 'Enhanced Search' and confirming that they have obtained consent to upload such details from those in the phonebook. Enhanced Search is permission-based and is displayed to users when registering.