Security researchers from Cheetah Mobile have discovered a privacy flaw in Truecaller – the world’s largest caller ID app – that puts the personal information of over a hundred million users in danger.
As Cheetah Mobile explains in its report, Truecaller uses a device's IMEI number to assign identities to its users, which means that anyone with access to a device's IMEI could tamper with that user's personal information without their explicit consent.
By exploiting this defect, attackers can steal and alter details such as "account name, gender, e-mail, profile pic, home address". Attackers can also modify application settings, disable spam blockers and edit (or delete) users' blacklists.
Truecaller has since flagged and fixed the bug, but users still need to update to the app's latest version, which was released on March 22, to ensure the safety of their private details.
According to Truecaller’s statement, monitoring analysis indicates that so far “no user information has been compromised” as a result of this vulnerability.
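
The flaw class described above, a device identifier doubling as the account credential, shown beside a hardened form. This is an added example, not Truecaller's code or API and not a description of its actual fix; every name, the sample IMEI and the account data are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data; not a real user, account or device.
PROFILES = {"acct-1": {"name": "Alice", "email": "alice@example.test"}}
IMEI_TO_ACCOUNT = {"490154203237518": "acct-1"}
TOKEN_HASHES = {}  # account id -> SHA-256 hex digest of the issued token


def update_profile_weak(imei, changes):
    """Weak pattern: the IMEI both selects and authorizes the account.

    An IMEI is an identifier, not a secret, so knowing it is enough
    to pass this check.
    """
    account = IMEI_TO_ACCOUNT.get(imei)
    if account is None:
        return False
    PROFILES[account].update(changes)
    return True


def issue_token(account):
    """Issue a random session token for an account.

    Assumption: the caller has already verified that the user owns the
    account through a separate step (hypothetical, not shown here).
    Only a hash of the token is kept server-side.
    """
    token = secrets.token_urlsafe(32)
    TOKEN_HASHES[account] = hashlib.sha256(token.encode()).hexdigest()
    return token


def update_profile_hardened(account, token, changes):
    """Hardened pattern: an unguessable server-issued secret authorizes writes."""
    expected = TOKEN_HASHES.get(account)
    presented = hashlib.sha256(token.encode()).hexdigest()
    # Constant-time comparison avoids leaking how much of the digest matched.
    if expected is None or not hmac.compare_digest(expected, presented):
        return False
    PROFILES[account].update(changes)
    return True
```

The device identifier can still be logged or used as a fraud signal in the hardened form; it just no longer decides who may read or change the profile.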