Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Android Privacy Software Technology

User Expresses Privacy Concerns After Software Update Replaces Default Phone App (martinruenz.de) 95

An anonymous reader writes: Since I am not living in my home country, I frequently use two different SIM cards and prefer having a phone with dual-sim support. This limits your choice significantly when buying a new device and last time I bought one, I opted for the Wileyfox Swift. It was cheap, had most features I desired and shipped with CyanogenMod (Android) -- which, I thought, might indicate that Wileyfox delivers a slim, privacy-aware system. Yesterday, I was delighted to see that Wileyfox provides an update to a new version of Android (7.1.1) and I didn't hesitate long to install the upgrade. Concerns that the hardware might not hold-up to the new system showed to be unfounded and everything seemed to work just fine. But when I realised that the dialler now labelled itself as 'truecaller' -- something I had never heard of, shoot, I didn't even know the dialler is an app -- it gave rise to a bad suspicion: Is some of my phone's core functionality now provided by a 3rd-party app? Indeed. Does it respect my privacy? No. Can I uninstall it again? No. Was I ever asked to comply with their terms and conditions? Of course not. On top of this, Truecaller doesn't seem to have a clean background. Here's how an Indian daily (Truecaller seems to be popular in emerging regions) described the app: Truecaller is a popular app that shows you contact details of unknown numbers calling you. It crowdsources contact details from all its users' address books. So even if you've never used the service, your name and number could be on Truecaller's database, thanks to someone else who's saved your contact details and allowed the app to access them.
This discussion has been archived. No new comments can be posted.

User Expresses Privacy Concerns After Software Update Replaces Default Phone App

Comments Filter:
  • by Anonymous Coward on Thursday May 04, 2017 @01:45PM (#54356019)

    Caught the fscking dialer thing trying to connect to both Facebook and Yandex after the OS upgrade at the weekend...just as well I've a Firewall installed on the thing in default block mode (though I'll bet there's a slimeball way round that..), just as well I have other OS options which I'll be exploring this weekend.

    Not happy, quite a greasy move on their part.

    • But well, it's not as if privacy was not a thing of the past... Resistance is futile.
    • by mrchaotica ( 681592 ) * on Thursday May 04, 2017 @03:01PM (#54356615)

      GIven the shady behavior, I have to question whether the phone uses actual CyanogenMod (or rather, LineageOS [wikipedia.org], these days), or if it uses a vendor-controlled fork of CyanogenMod that the vendor infected with malware. It could be that everyone who bought the device was trojaned from the beginning and didn't realize it because of the branding.

      • by AmiMoJo ( 196126 )

        Cyanogen started including Truecaller a few years ago in official ROMs. Lineage OS doesn't include Truecaller, but you can install it yourself.

    • by AmiMoJo ( 196126 )

      Okay, let's cut some bullshit. I have Truecaller on Cyanogen and my firewall logs show no connections to either Facebook or Yandex. Maybe you enabled the Facebook integration option. In any case, why didn't you just flip the switch that turns off Truecaller entirely? It's right there in the dialer options.

      Truecaller operates under EU privacy rules. Show me some logs and I'll report any violations for you.

  • I've used Cyanogen when it had TrueCaller Support. It was very helpful in weeding out unsolicited phone calls (robo-calls, telemarketers etc). A phone number should identify who is calling. If you don't want people to know your number, then hide it using a proxy phone service or get something like GoogleVoice that protects your true number from anyone you don't like.

    Also, you can disable it (not use it). No big deal

    • Re:Truecaller (Score:4, Insightful)

      by Aaden42 ( 198257 ) on Thursday May 04, 2017 @01:49PM (#54356055) Homepage

      No big deal to you.

      Ask everyone in your contact list if they mind their name & number (and possibly the rest of their contact "card" including picture, emails, etc.) being uploaded to some unknown server run by a company with unknown privacy policies.

      • Re:Truecaller (Score:4, Insightful)

        by mysidia ( 191772 ) on Thursday May 04, 2017 @02:03PM (#54356161)

        It's none of their business where you store your contact list. If they trusted you with your phone number; it is your choice what phone and/or what service provider(s) to use. Phone numbers may not be public information, but they're not secret either --- once you give it out, you no longer have strong control over it.

        If you don't want someone storing your contact information on their phone (Which typically includes their cloud-based addressbook Google Contacts, Apple iCloud Contacts, Truecaller, Etc), then do not give that person your phone number.

        • A private individual having your contact details is one thing. A company harvesting and using your personal details for commercial gain without your consent or even an option to opt out, just because a private individual had them, is not allowed in a large number of countries. If nothing else they have no idea if any of those contacts are children and even the USA where everything goes if you are big and have the money to bribe the government have laws against gathering personal information of minors.

          • by mysidia ( 191772 )

            If you are big and have the money to bribe the government have laws against gathering personal information of minors.

            You have to be 18 and show ID, before they allow you to buy a cell phone, even a burner phone.
            Anyways, the phone number is not personal information; a phone number is the network address used to contact you, which is about as public as it gets.

            It's true there are Unlisted numbers.... Robocallers find those too, and generally they will know what your name is too.

            The central benefit of T

            • by Altrag ( 195300 )

              The problem isn't what Truecaller is, the problem is how they go about it:

              - Sudden updates that you aren't expecting. I ran into this as well -- Truecaller kept trying to "update" on my Oneplus, even though it wasn't even installed -- and was requesting all sort of permissions I don't like giving to most apps never mind one that's trying to ninja install itself.

              - Using the word "True" in their name automatically raises peoples' hackles. We tend to automatically distrust anyone who feels the need to say "t

            • You have to be 18 and show ID, before they allow you to buy a cell phone, even a burner phone.

              Where? When I bought my SIM card and activated it (over the phone with a live person), I wasn't required to even give them my name, let alone any identification. All that they asked me is "What area code do you want?"

              • by mysidia ( 191772 )

                Where? When I bought my SIM card and activated it (over the phone with a live person)

                What method of payment did you use? Bitcoin?

                You do know, that if you provide a credit card number, that tells them your identity, And also proves your age, right?
                Seeing as a minor or other state-declared incompetent person is incapable of having signing authority to a bank account, they're unable to get credit cards, cannot sign a cheque, or execute a financial instrument. Or more specifically, anything they s

                • I activated the SIM with a prepaid Mastercard (which are generally available to anyone of any age) and I pay my monthly charge with cash at a T-Mobile store or authorized T-Mobile reseller store.

                  So at what point are they requiring my identification and proof that I am over 18? That's what you claimed:

                  You have to be 18 and show ID, before they allow you to buy a cell phone, even a burner phone.

                  I think it's safe for everyone else to disregard your comment as being a fabrication.

                  • by mysidia ( 191772 )

                    I activated the SIM with a prepaid Mastercard (which are generally available to anyone of any age)

                    Buying a prepaid SIM with a prepaid Mastercard is likely to land you on a FinCEN watchlist. Seriously though, how many kids do you know that would be able to figure out and navigate this process to get their own cellphone, let alone have the cash? In the real world, minors are thousands of times more likely to borrow a parent's phone whose account is owned and managed by the parent.

                    • Buying a prepaid SIM with a prepaid Mastercard is likely to land you on a FinCEN watchlist.

                      Cool. I'm not sure how, since they don't have any information on me, but whatever you say.

                      Seriously though, how many kids do you know that would be able to figure out and navigate this process to get their own cellphone, let alone have the cash?

                      You know I could have easily activated my plan with cash when I purchased the SIM card at the T-Mobile store. The only reason I did it over the phone was because I wanted some time to research all of their plans to find the best one for me.

                      In the real world, minors are thousands of times more likely to borrow a parent's phone whose account is owned and managed by the parent.

                      Not from what I've seen. Most of the kids around here have their own phones.

        • Re:Truecaller (Score:4, Insightful)

          by Gravis Zero ( 934156 ) on Thursday May 04, 2017 @02:31PM (#54356395)

          It's none of their business where you store your contact list. If they trusted you with your phone number; it is your choice what phone and/or what service provider(s) to use.

          What a perfectly selfish attitude. The point is they trusted you with the number and you turned around and gave it to a company without asking if it was ok. I would call that a breach of trust.

          • It's a phone number. It's about the most publicly trustworthy piece of information you can give out. There was a time where simply having one would result in it being printed in a giant book which got delivered to *everyone*.

          • by mysidia ( 191772 )

            These days you CANNOT help but to do that, period. If you put the contact in your Outlook address book, it's going to the Microsoft cloud, and now you've sent it to Microsoft, and Microsoft's EULA allows them to do whatever they want with it. If you put the contact in your iPhone, it's going to sync to iCloud, and now Apple has it, and if you put the contact in your Android phone,
            Google will now have it. So WTF are we worried about an Anti-Spam/Anti-Telemarketing service having

      • Man are they going to be pissed when they hear about phonebooks. These privacy invading tools used to be delivered to door steps and told everyone else how they could contact you. Just imagine. Society itself would break down.

  • by Anonymous Coward

    went out the window when you decided to buy a phone whose operating system was designed by an advertising company.

  • So, it would be interesting to see how far wrong you can go with crowdsourcing this sort of information. Get a new phone, new number, enter your own detail as mis-information, wrong name, nickname, bogus details..see how far, or how long that gets spread around.

    • by Altrag ( 195300 )

      Two outcomes here:

      - You spread it around far and wide until people recognize you as this "wrong" name. It is now essentially an identity of yours, in the same way that "lionchild" is an identity of yours, even if its not the real name as given on your birth certificate or drivers license. If people can identify you by a given piece of name (or other information,) then that name is pretty much by definition one of your identities, even if you don't want it to be.

      - You don't spread it very far. In which ca

  • by Artem S. Tashkinov ( 764309 ) on Thursday May 04, 2017 @02:04PM (#54356165) Homepage

    So even if you've never used the service, your name and number could be on Truecaller's database, thanks to someone else who's saved your contact details and allowed the app to access them.

    It's not about only Truecaller. Even if you own a dumb phone, your friends have at least one instant messenger (WhatsApp, FB Messenger, Viber, LINE, Telegram, Skype, etc. etc. etc.) installed which knows your name, and in certain cases your home address and other data (your friends might have added your personal data to their address book).

    If you want to remain private in this world, you cannot own a phone number at all.

    • Phone number? You must be referring to the UUII (universal uniform integrated identifier).

      I hear the new generation will be blood powered and built in.

    • by antdude ( 79039 )

      More like you need to be off the grid. No Internet, phones, snail mails, credit cards, etc.

    • by AmiMoJo ( 196126 )

      How is it any different to email? If you have an email address, you can bet that multiple email services know your email address and name.

      You can't stop information like that from getting out. What you do is get the law changed so that companies can't abuse it.

    • The irony is that you're talking as if this hasn't been a thing for 100 years:

      https://kingydesignhistory2012... [wordpress.com]

  • Thank you.
  • by rlk ( 1089 ) on Thursday May 04, 2017 @02:30PM (#54356393)

    I receive a lot of phone spam. I don't want to have to be interrupted each time I receive a call to answer it and figure out what it is. Without crowdsourcing, how is any of this going to work?

    • Phone spam should probably be nipped at the bud with transnational level coordination and deterrents. I'd imagine VOIP providers are part of the problem and they should be part of the solution as well.

      Other technical solutions could involve initially higher call charges (credited to the receiver) until a call is accepted; e.g. it lasts a certain length of time implying acceptance and regular charging is applied, or requiring the caller with unknown and unregistered number to pass a voice captcha.

      The crowdso

  • by Anonymous Coward on Thursday May 04, 2017 @02:34PM (#54356425)

    Truecaller’s app is allowed to collect...
    (scary list of stuff snipped)...
    The app’s terms of service offer an important addendum: “If you provide us with personal information about someone else, you confirm that they are aware that You [sic] have provided their data and that they consent to our processing of their data according to our Privacy Policy.”

    That's a pretty darn weak fig leaf. In most legal jurisdictions, a third party can't make a legally binding commitment on my behalf merely by asserting that they told me about it and I was OK with it.

    I suppose the intent is to try to shift liability in the event someone sues them. "Sure, we collected your data, but Bob gave it to us and told us you were OK with it. So take it up with Bob!" I am dubious that they would succeed with such an argument, but I guess maybe it's slightly better than nothing?

  • Root the device, remove the App from the System Partition.

    I have my Phone such that my Instant messenger Protocols connect to an ejabberd server running Spectrum 2. Spectrum 2 then connects to AIM/YIM/Skype (well, not FaceBook because I don't use FaceBook, and I am proud o fthat. but there is a FaceBook Module.) or whatever other IM Medium I like. To the unobservant person, it just looks like I am chatting via my home Internet connection.

  • by schwit1 ( 797399 ) on Thursday May 04, 2017 @03:42PM (#54356913)
    Is there anything it DOESN'T require access to? BTW, Truecaller will refuse to start if you disable any of these permissions under settings/apps

    This app has access to:
    In-app purchases

    Identity
    - find accounts on the device
    - add or remove accounts
    - read your own contact card

    Calendar
    - read calendar events plus confidential information

    Contacts
    - find accounts on the device
    - read your contacts
    - modify your contacts

    Location
    - approximate location (network-based)
    - precise location (GPS and network-based)

    SMS
    - read your text messages (SMS or MMS)
    - receive text messages (MMS)
    - receive text messages (SMS)
    - send SMS messages
    - edit your text messages (SMS or MMS)

    Phone
    - directly call phone numbers
    - directly call any phone numbers
    - modify phone state
    - reroute outgoing calls
    - read call log
    - read phone status and identity
    - write call log
    - add voicemail

    Photos/Media/Files
    - read the contents of your USB storage
    - modify or delete the contents of your USB storage

    Storage
    - read the contents of your USB storage
    - modify or delete the contents of your USB storage

    Microphone
    - record audio

    Wi-Fi connection information
    - view Wi-Fi connections

    Device ID & call information
    - read phone status and identity

    Other
    - use any media decoder for playback
    - bind to a notification listener service
    - download files without notification
    - MMS Wakeup
    - read voicemail
    - write voicemails
    - receive data from Internet
    - view network connections
    - create accounts and set passwords
    - change network connectivity
    - disable your screen lock
    - full network access
    - change your audio settings
    - control Near Field Communication
    - run at startup
    - draw over other apps
    - use accounts on the device
    - control vibration
    - prevent device from sleeping
    - modify system settings
    - install shortcuts
    - uninstall shortcuts

    • by Anonymous Coward

      I have a Wileyfox Swift running 7.1.1, and my Trucaller app has permission to access:

      Contacts (needed to phone people in my contact list),
      Microphone (I might be able to make calls without this, but only very quiet ones),
      SMS (for sending messages),
      Telephone (for sending calls).

      It also requested (but was not given) access to:

      Calendar, Location and Storage.

      And it works just fine.

  • by MobyDisk ( 75490 ) on Thursday May 04, 2017 @04:00PM (#54357065) Homepage

    There are two problems with this:
    1) I put you in my phone's contact list as "Total Moron, don't answer this." That's why nobody is answering your calls any more.
    2) Wouldn't you expect a product named "Wiley Fox Swift" to pull fast one on you? It could not have been more obvious if they had named it "The GonnaStealYourPersonalData 1000"

  • You may like to read:

    World Reacts To The Worst Mass Shooting In U.S. History

    Fuck's sake, Slashdot - don't leave year-old stories like this lying around.

  • by WolfgangVL ( 3494585 ) on Thursday May 04, 2017 @07:35PM (#54358141)

    How many times must these devices betray you before you just go back to remembering things like you used to? Every week with some new mobile phone disaster is sure getting old.

    MY whole family ditched our smartphones over 2 years ago. A mobile phone IS required for select things, over the course of maybe a week each... maybe twice a year. I buy a dumb burner phone with $3.00 worth of prepaid sim card when I MUST have one, I share the number with only the contacts that must have it, and store nothing in the address book. As soon as that's over it goes in the trash. I can summon emergency services online from any internet connection.

    It's just not worth it, it's to invasive, and it's always listening. It costs way to much, It's designed from the damn ground up to sell you shit you don't need, it's terribly insecure, and worst of all, it is designed to be replaced within.. what... 2 years for another $1000? GTFO.

    My personal data, contacts, whereabouts, shopping habits, political affiliation, favorite color, sexual preference, and whatever else they've begun to collect over the past few years are worth so much more to me (and them) than access to some shitty app-store full info stealing novelties and shitty flash games. My privacy and personal data trumps the convenience that comes with carrying somebody else's computer in my pocket. What a fucking terrible deal, and we pay for the pleasure.

    My employer don't like it, I told them I'd carry a phone if they foot the bill. Off the clock means off the clock, and on call means on call.

    People look at me funny, (or just don't believe me) when I say I don't have a phone number. I look at them funny when they fall over the curb looking for fucking pokemon.

    Everybody around me is so in love with the screen that all I need to do is muse out loud, "I wonder that the answer to this question is?" and everybody falls all over themselves racing to google it, to justify the $1000 shitty gaming platform in their pockets, and show off expensive status symbol. Boy. The guy who answers first sure is a cool cat.

    It's pretty disturbing after a while, once you break away from the thing yourself, seeing the way mobile phones consume the people around you. Waiting rooms absolutely disgust me now, and long lines for anything are 10x more terrible than they used to be.

    There was a time, not that long ago, when people actually put in the effort to learn things.

    I'm rambling now. Just do yourself a favor, ditch the smart-phone, it's making you dumber.

    • by Kokuyo ( 549451 )

      Bullshit.

      The amount of factoids accumulated in my brain due to googling everything is greater than ever before! ;)

      Seriously, though, I don't want to give up my smartphone. There's a lot of waiting to be done on a normal day (you mentioned some examples) and I really see no difference in reading an article that doesn't really interest me in a magazine and browsing 9gag.

      It's a way to pass time. Don't tell me you always keep something "new to learn" handy whenever you stand in line somewhere or are waiting for

    • There was a time, not that long ago, when people actually put in the effort to learn things.

      I'm rambling now. Just do yourself a favor, ditch the smart-phone, it's making you dumber.

      We still do learn things. We just don't learn pointless things that can be stored somewhere it is always accessible.

      But given the content of your post, may I be able to interest you in a family pack of tinfoil?

  • Between greedy marketeers and semi-competent developers trying to get apps to behave is a lost cause. (For example, I had a fruitless exchange with the customer support on an IoT controller app that was demanding access to phone privilege - they simply didn't get that it was an issue). Our best hope is probably spoofing. It's fine if the app can see that I spend most of my time in Ulan Baator hanging out with Mickey Mouse. But since Xprivacy hasn't got active development I'm not sure what the best spoofing

You are always doing something marginal when the boss drops by your desk.

Working...