Truecaller fixed a critical payments flaw in its app after it automatically signed up some users to its UPI-enabled payments service. It was discovered that Truecaller was automatically signing up some users to its UPI payments service without users' permission. The incident led to a brief panic among Truecaller users who received a confirmation SMS from ICICI Bak upon the registration.
Truecaller later said in a statement that bug in the app automatically signed up some users to its payments service and the company had rolled out a fix in the latest version of Truecaller. Addressing the issue, Truecaller had this to say:
“We have discovered a bug in the latest update of Truecaller that affected the payments feature, which automatically triggered a registration post updating to the version. This was a bug and we have discontinued this version of the app so no other users will be affected. We're sorry about this version not passing our quality standards. We've taken quick steps to fix the issue and already rolled out a fix in a new version. For the users already affected, the new version with the fix will be available shortly, however, in the meanwhile they can choose to manually deregister through the overflow menu in the app," Truecaller said in its statement.
Meanwhile, the incident has also generated reactions from Cybersecurity world.
"Truecaller incident shows that cybercriminals are getting more and more advanced, but looking at the positive side, it demonstrates that Indians are now paying more attention to detail when it comes to internet banking and securing their data online. From people getting duped by OTP messages sent to them by fraudsters to people now checking their bank messages, understanding what a bug in an app can do and actually taking precautions in that direction, we have come a long way. Companies too are now taking the right measures and coming out in the light to let people know when something is wrong and ensuring that it will be and has been fixed,” Cybersecurity company Kaspersky said.
Step 1: Open Truecaller and go to its home screen
Step 2: Click on the three-dot icon on the top right corner
Step 3: Now go to 'Manage Accounts'
Step 4: Click on the three-dot icon in the bank account card
Step 5: Now, delete the account and confirm
Recently, privacy concerns were raised that personal data of Truecaller users is accessible to third-parties.
"We have concluded that there was no security breach of our systems and that no financial/payment information or passwords have been compromised," Truecaller said. "The majority of the data that we analyzed did not match our systems."
Truecaller said that some users have possibly been abusing their Truecaller account to collect phone numbers, which is a violation of the company's Terms of Service.
Earlier this year, Truecaller said that it is locally storing the data of Indian users data "to ensure transparency and provide faster and more reliable services."