
TrueCaller patches exploit that left millions of Android users vulnerable

It seems as though every other day, there’s some kind of potential threat to an Android user’s security. Another security exploit was recently uncovered, but this time it’s related to a dialer app called TrueCaller.

While it’s not malware-related, installing TrueCaller could have left you susceptible to malicious hackers. Cheetah Mobile’s Security Research Lab found a loophole in the app that would have allowed anyone to gain access to a TrueCaller user’s private information. TrueCaller used a smartphone’s IMEI number as the identity label of its users.


TrueCaller tells you who’s calling. It does so by identifying numbers, and matching them with ones marked by users. You can mark numbers as spam to make the service better and more reliable. As it crowd-sources its data, TrueCaller users have accounts with their name, phone number, home address, gender, and more — it’s this data that was available to malicious hackers through the app’s loophole.


If someone managed to get hold of your IMEI number, they could go to TrueCaller’s website and access all of that information in your account, and even modify it — potentially lifting spam blocks so those calls can make it through again.
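The flaw described above, reduced to a sketch. This is an added example, not TrueCaller's code or its actual fix, which the article does not describe; the account store, function names, sample IMEI and the server-issued token scheme are all assumptions made for illustration.

```python
import hmac
import secrets

# Constructed sample data: the IMEI and profile values are made up.
ACCOUNTS = {
    "000000000000001": {"name": "Alice Example", "spam_blocks": ["+15550100"]},
}
TOKENS = {}  # IMEI -> secret issued by the server at enrollment (hypothetical)


def enroll(imei):
    """Issue a random per-account secret once, when the app signs up."""
    token = secrets.token_urlsafe(32)
    TOKENS[imei] = token
    return token


def get_profile_weak(imei):
    """Flawed pattern: the device identifier alone acts as the credential."""
    return ACCOUNTS.get(imei)


def get_profile_hardened(imei, token):
    """The IMEI only selects the record; the secret proves ownership."""
    expected = TOKENS.get(imei)
    if expected is None:
        return None
    # Constant-time comparison avoids leaking how much of the token matched.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return None
    return ACCOUNTS.get(imei)


def update_blocks_hardened(imei, token, blocks):
    """Writes pass the same check, so a third party cannot lift spam blocks."""
    profile = get_profile_hardened(imei, token)
    if profile is None:
        return False
    profile["spam_blocks"] = list(blocks)
    return True


if __name__ == "__main__":
    imei = "000000000000001"
    secret = enroll(imei)
    print("weak lookup, IMEI only:", get_profile_weak(imei))
    print("hardened, wrong token: ", get_profile_hardened(imei, "guess"))
    print("hardened, real token:  ", get_profile_hardened(imei, secret))
```

An IMEI is printed on packaging and readable by other software on the device, so it works as a record locator but not as a secret.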

Thankfully, TrueCaller has patched the issue, and you should download the latest update through the Google Play store to make sure you’re safe. The company says no user information was compromised.

“We recently found an issue where some user defined information can be retrieved or changed without the original user’s consent, if a third person knows the IMEI number of the original person’s device,” according to the blog post. “We’ve quickly taken steps to fix this issue and have released an update which we strongly suggest all users upgrade to.”

What makes it scary is that more than 100 million Android users who have downloaded the app were vulnerable, and likely more, as TrueCaller has been making its way to Cyanogen OS in phones like Wileyfox and Blu devices. TrueCaller is also available for Windows and iOS, but it looks like the apps on those operating systems were not affected.

Julian Chokkattu
Former Digital Trends Contributor