Tuesday 29 March 2016

Truecaller bug could expose details of millions of users


Beware, a bug in the world's largest caller ID app Truecaller could expose personal details of millions of users worldwide, claim security researchers from the Cheetah Mobile Security Research Lab.
According to the researchers, "This vulnerability allows anyone to steal Truecaller users' sensitive information, potentially opening doors for attackers. Overall, more than 100 million Android users who have downloaded this app on their smartphones are in danger."

"The researcher found that Truecaller uses devices' IMEI as the only identity label of its users. Meaning that anyone gaining the IMEI of a device will be able to get Truecaller users' personal information (including phone number, home address, mail box, gender, etc.) and tamper app settings without users' consent, exposing them to malicious phishers," says the Beijing-headquartered company in a blog post.
According to Cheetah Mobile, by exploiting the flaw, attackers can steal users' personal information such as account name, gender, e-mail, profile pic and home address; modify a user's application settings; disable spam blockers; add entries to a user's blacklist; or delete a user's blacklist.
The Cheetah Mobile Security Research Team claimed that it notified Truecaller about this vulnerability as soon as it discovered the loophole. Truecaller, for its part, has addressed the issue and released an update on March 22, but users still need to update to the app's latest version.
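
The design flaw described above, shown as an added example that is not Truecaller's or Cheetah Mobile's code: a service that treats the IMEI as the only credential, next to one that uses it only as a lookup key and also requires a server-issued secret. The class names, the sample IMEI and the profile are constructed, and the enrollment step assumes the account owner was verified by some other means first.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the IMEI and profile below are made up.
SAMPLE_IMEI = "000000000000001"
PROFILES = {SAMPLE_IMEI: {"name": "Alice Example", "email": "alice@example.test"}}


class ImeiOnlyService:
    """Weak design: knowing the device identifier is enough to read the profile."""

    def get_profile(self, imei):
        # An IMEI is an identifier, not a secret: it is printed on the device
        # and readable by other software, so this check authenticates nobody.
        return PROFILES.get(imei)


class TokenService:
    """Hardened design: the IMEI only selects the account; a secret proves ownership."""

    def __init__(self):
        self._token_hashes = {}  # imei -> SHA-256 of the issued token

    def enroll(self, imei):
        # Assumption: called once, after the owner was verified out of band.
        token = secrets.token_urlsafe(32)  # unguessable, server-generated
        # Store only a hash so a database leak does not leak usable tokens.
        self._token_hashes[imei] = hashlib.sha256(token.encode()).digest()
        return token

    def get_profile(self, imei, token):
        expected = self._token_hashes.get(imei)
        presented = hashlib.sha256((token or "").encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if expected is None or not hmac.compare_digest(expected, presented):
            return None
        return PROFILES.get(imei)


if __name__ == "__main__":
    print("IMEI only      :", ImeiOnlyService().get_profile(SAMPLE_IMEI))
    service = TokenService()
    issued = service.enroll(SAMPLE_IMEI)
    print("IMEI, no token :", service.get_profile(SAMPLE_IMEI, ""))
    print("IMEI + token   :", service.get_profile(SAMPLE_IMEI, issued))
```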
