TrueCaller patches exploit that left millions of Android users vulnerable

It seems as though every other day, there’s some kind of potential threat to an Android user’s security. Another security exploit was recently uncovered, but this time it’s related to a dialer app called TrueCaller.

While it’s not malware-related, installing TrueCaller could have left you susceptible to malicious hackers. Cheetah Mobile’s Security Research Lab found a loophole in the app that would have allowed anyone to gain access to a TrueCaller user’s private information. The cause: TrueCaller used a smartphone’s IMEI number as the identity label of its users.

TrueCaller tells you who’s calling. It does so by identifying numbers, and matching them with ones marked by users. You can mark numbers as spam to make the service better and more reliable. As it crowd-sources its data, TrueCaller users have accounts with their name, phone number, home address, gender, and more — it’s this data that was available to malicious hackers through the app’s loophole.

If someone managed to get hold of your IMEI number, they could go to TrueCaller’s website and access all of that information in your account, and even modify it — potentially lifting spam blocks so those calls can make it through again.
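The class of flaw described above, as an added example that is not TrueCaller's code and not part of the original article: a toy profile service where a device identifier alone selects and unlocks an account, next to a version that requires a secret token issued at registration. The class, method names, token scheme and sample IMEI are all assumptions made for illustration; the article does not say how the actual fix works.

```python
import hashlib
import hmac
import secrets

SAMPLE_IMEI = "490154203237518"  # constructed sample value, not a real user's


class AccountStore:
    """Toy in-memory profile service; all names here are hypothetical."""

    def __init__(self):
        self._profiles = {}      # account_id -> profile fields
        self._by_imei = {}       # IMEI -> account_id
        self._token_hashes = {}  # account_id -> SHA-256 of the session token

    def register(self, imei, profile):
        account_id = secrets.token_hex(8)
        token = secrets.token_urlsafe(32)  # secret, returned to the device once
        self._profiles[account_id] = dict(profile)
        self._by_imei[imei] = account_id
        self._token_hashes[account_id] = hashlib.sha256(token.encode()).digest()
        return account_id, token

    # Weak pattern: the IMEI both selects the account and authorizes access.
    def get_profile_by_imei(self, imei):
        profile = self._profiles.get(self._by_imei.get(imei))
        return dict(profile) if profile is not None else None

    def update_profile_by_imei(self, imei, **changes):
        self._profiles[self._by_imei[imei]].update(changes)

    # Hardened pattern: every call must present the server-issued token.
    def _authorized(self, account_id, token):
        expected = self._token_hashes.get(account_id)
        presented = hashlib.sha256(token.encode()).digest()
        return expected is not None and hmac.compare_digest(expected, presented)

    def get_profile(self, account_id, token):
        if not self._authorized(account_id, token):
            raise PermissionError("invalid account or token")
        return dict(self._profiles[account_id])

    def update_profile(self, account_id, token, **changes):
        if not self._authorized(account_id, token):
            raise PermissionError("invalid account or token")
        self._profiles[account_id].update(changes)
```

An IMEI is printed on packaging and readable by other software on the device, so it can identify a handset but cannot serve as proof of who is asking.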

Thankfully, TrueCaller has patched the issue, and you should download the latest update through the Google Play store to make sure you’re safe. The company says no user information was compromised.

“We recently found an issue where some user defined information can be retrieved or changed without the original user’s consent, if a third person knows the IMEI number of the original person’s device,” according to the blog post. “We’ve quickly taken steps to fix this issue and have released an update which we strongly suggest all users upgrade to.”

What makes it scary is that more than 100 million Android users who have downloaded the app were vulnerable, and likely more, as TrueCaller has been making its way to Cyanogen OS, in phones like Wileyfox, and Blu devices. TrueCaller is also available for Windows and iOS, but it looks like the apps on those operating systems were not affected.

Julian Chokkattu
Former Mobile and Wearables Editor