Some apps are apparently storing people’s information without their consent
There are several security apps that can help you block unknown callers and even identify whoâ€™s calling.
However, a report has revealed that suchÂ apps also add usersâ€™Â contact informationÂ to their databases. The information can then be used by anyone.
An investigation by Factwire has found that websites for these apps allow users to connect any number with a name even if they havenâ€™t downloaded the app. However, numbers cannot be obtained by merely entering a name.
Apps such as Truecaller, Sync.me and CM Security block spam calls and feature â€œreverse-look upâ€ functionality for numbers usersÂ do not recognise. What many donâ€™t know is that these apps also upload theirÂ phones contacts to databasesÂ upon installation, essentiallyÂ gathering contact information without the ownerâ€™s knowledge.
The BBC has found that many British numbers including that of former prime minister David Cameron are also listed. Security researcher Rik Ferguson of Trend Micro also had his contact on Truecallerâ€™s database.
Speaking to the BBC, he confirmed he had never used the app or consented to having his number stored. â€œData can only be collected for specific, explicitly stated and legitimate purposes, may not be kept for a longer period than is necessary and crucially only with the explicit and informed consent of the data subject,â€ he said.
Some of the apps have over a billionÂ contacts saved on their databases, a cause forÂ concern. Truecaller, which suffered a security breach in 2013, insisted no sensitive information had beenÂ exposed in the cyber-attack.
Truecaller told the BBC that the app ensured that its data stored in Sweden remained secureÂ and information was not shared with external organisations. â€œTruecaller is not in violation of the data protection laws in Sweden, nor across the EU as a wholeâ€ a statement from the company read.
One of the apps, CM Security, has now halted its reverse-look up function. Most of the apps do mention in their terms and conditions that users should have permission from their contacts before giving out their data.
This article originally appeared on BBC.