Apps

Truecaller Clarifies On UPI Payments Bug Once Again, Says It Affected Less Than 0.12% Monthly Active Users In India

Written By Tanmay Patange | Mumbai | Published:

Hack:

  • Truecaller has issued another detailed statement explaining what caused the UPI payments flaw within the app last week
  • Last week, Truecaller automatically signed up some users to its UPI payments service without its users' knowledge

Truecaller has issued another detailed statement explaining what caused the UPI payments flaw within the app last week. Last week, Truecaller automatically signed up some users to its UPI payments service without its users' knowledge. The incident swiftly led to a brief panic among Truecaller users who received a confirmation message from the bank upon unknowingly completing the registration.

READ | Truecaller fixes critical payments flaw after automatically signing up users to its UPI service, says 'we are sorry'

Earlier, Truecaller said it has rolled out a fix with an updated version of the app. However, the reason behind what caused the blunder was not clear. In its most recent statement though, Truecaller has explained what caused the issue in the first place. Truecaller also said the issue affected less than 0.12% of its total active users in India.

"As a standard internal protocol, every time we roll an updated version, we first roll it out to 1% of our user base, check the reviews, support tickets, and crash reports to see if everything is normal. For this particular release, we noticed that the first users to update to our new version (10.41.6) on Android started to complain that an SMS was sent out automatically without users’ consent to our banking partners," Truecaller said.

However, Truecaller has clarified no bank accounts or financial information of users were compromised and "immediate steps were taken to remove the issue and ensure the services were returned to normal."

Here's what caused Truecaller's UPI payments bug

The API that caused the problem was supposed to be initiated for only existing Truecaller Pay users. However, it was triggered for a portion of users who were not already registered for payments.

"Such an API issue is unusual and unprecedented at Truecaller and a scenario we hadn’t designed for. As a consequence, the payments backend responded with an error code signalling that the users have insufficient credentials to perform this request," Truecaller said. "This triggered a credential refresh which would eventually cause the UPI registration to be triggered inadvertently."

Earlier this year, Truecaller said it is locally storing the data of Indian users "to ensure transparency and provide faster and more reliable services."

DO NOT MISS