User Expresses Privacy Concerns After Software Update Replaces Default Phone App (martinruenz.de) 95
An anonymous reader writes: Since I am not living in my home country, I frequently use two different SIM cards and prefer having a phone with dual-sim support. This limits your choice significantly when buying a new device and last time I bought one, I opted for the Wileyfox Swift. It was cheap, had most features I desired and shipped with CyanogenMod (Android) -- which, I thought, might indicate that Wileyfox delivers a slim, privacy-aware system. Yesterday, I was delighted to see that Wileyfox provides an update to a new version of Android (7.1.1) and I didn't hesitate long to install the upgrade. Concerns that the hardware might not hold-up to the new system showed to be unfounded and everything seemed to work just fine. But when I realised that the dialler now labelled itself as 'truecaller' -- something I had never heard of, shoot, I didn't even know the dialler is an app -- it gave rise to a bad suspicion: Is some of my phone's core functionality now provided by a 3rd-party app? Indeed. Does it respect my privacy? No. Can I uninstall it again? No. Was I ever asked to comply with their terms and conditions? Of course not. On top of this, Truecaller doesn't seem to have a clean background. Here's how an Indian daily (Truecaller seems to be popular in emerging regions) described the app: Truecaller is a popular app that shows you contact details of unknown numbers calling you. It crowdsources contact details from all its users' address books. So even if you've never used the service, your name and number could be on Truecaller's database, thanks to someone else who's saved your contact details and allowed the app to access them.
Wileyfox Swift Owner here.. (Score:3, Interesting)
Caught the fscking dialer thing trying to connect to both Facebook and Yandex after the OS upgrade at the weekend...just as well I've a Firewall installed on the thing in default block mode (though I'll bet there's a slimeball way round that..), just as well I have other OS options which I'll be exploring this weekend.
Not happy, quite a greasy move on their part.
Re: (Score:1)
Re:Wileyfox Swift Owner here.. (Score:4, Insightful)
GIven the shady behavior, I have to question whether the phone uses actual CyanogenMod (or rather, LineageOS [wikipedia.org], these days), or if it uses a vendor-controlled fork of CyanogenMod that the vendor infected with malware. It could be that everyone who bought the device was trojaned from the beginning and didn't realize it because of the branding.
Re: (Score:2)
Cyanogen started including Truecaller a few years ago in official ROMs. Lineage OS doesn't include Truecaller, but you can install it yourself.
Re: (Score:3)
Okay, let's cut some bullshit. I have Truecaller on Cyanogen and my firewall logs show no connections to either Facebook or Yandex. Maybe you enabled the Facebook integration option. In any case, why didn't you just flip the switch that turns off Truecaller entirely? It's right there in the dialer options.
Truecaller operates under EU privacy rules. Show me some logs and I'll report any violations for you.
Truecaller (Score:2)
I've used Cyanogen when it had TrueCaller Support. It was very helpful in weeding out unsolicited phone calls (robo-calls, telemarketers etc). A phone number should identify who is calling. If you don't want people to know your number, then hide it using a proxy phone service or get something like GoogleVoice that protects your true number from anyone you don't like.
Also, you can disable it (not use it). No big deal
Re:Truecaller (Score:4, Insightful)
No big deal to you.
Ask everyone in your contact list if they mind their name & number (and possibly the rest of their contact "card" including picture, emails, etc.) being uploaded to some unknown server run by a company with unknown privacy policies.
Re:Truecaller (Score:4, Insightful)
It's none of their business where you store your contact list. If they trusted you with your phone number; it is your choice what phone and/or what service provider(s) to use. Phone numbers may not be public information, but they're not secret either --- once you give it out, you no longer have strong control over it.
If you don't want someone storing your contact information on their phone (Which typically includes their cloud-based addressbook Google Contacts, Apple iCloud Contacts, Truecaller, Etc), then do not give that person your phone number.
Re: (Score:3)
A private individual having your contact details is one thing. A company harvesting and using your personal details for commercial gain without your consent or even an option to opt out, just because a private individual had them, is not allowed in a large number of countries. If nothing else they have no idea if any of those contacts are children and even the USA where everything goes if you are big and have the money to bribe the government have laws against gathering personal information of minors.
Re: (Score:2)
If you are big and have the money to bribe the government have laws against gathering personal information of minors.
You have to be 18 and show ID, before they allow you to buy a cell phone, even a burner phone.
Anyways, the phone number is not personal information; a phone number is the network address used to contact you, which is about as public as it gets.
It's true there are Unlisted numbers.... Robocallers find those too, and generally they will know what your name is too.
The central benefit of T
Re: (Score:2)
The problem isn't what Truecaller is, the problem is how they go about it:
- Sudden updates that you aren't expecting. I ran into this as well -- Truecaller kept trying to "update" on my Oneplus, even though it wasn't even installed -- and was requesting all sort of permissions I don't like giving to most apps never mind one that's trying to ninja install itself.
- Using the word "True" in their name automatically raises peoples' hackles. We tend to automatically distrust anyone who feels the need to say "t
Re: (Score:2)
Even more so when the person doesn't have your name but some nickname for you... for all you know it could be showing something along the lines of "snookums", "sexy ass" or "dad" or if for instance the number was harvested from the phone from an Ex "evil nasty {insert combinations of various 4 letter words here}"
Re: (Score:2)
You have to be 18 and show ID, before they allow you to buy a cell phone, even a burner phone.
Where? When I bought my SIM card and activated it (over the phone with a live person), I wasn't required to even give them my name, let alone any identification. All that they asked me is "What area code do you want?"
Re: (Score:2)
Where? When I bought my SIM card and activated it (over the phone with a live person)
What method of payment did you use? Bitcoin?
You do know, that if you provide a credit card number, that tells them your identity, And also proves your age, right?
Seeing as a minor or other state-declared incompetent person is incapable of having signing authority to a bank account, they're unable to get credit cards, cannot sign a cheque, or execute a financial instrument. Or more specifically, anything they s
Re: (Score:2)
I activated the SIM with a prepaid Mastercard (which are generally available to anyone of any age) and I pay my monthly charge with cash at a T-Mobile store or authorized T-Mobile reseller store.
So at what point are they requiring my identification and proof that I am over 18? That's what you claimed:
You have to be 18 and show ID, before they allow you to buy a cell phone, even a burner phone.
I think it's safe for everyone else to disregard your comment as being a fabrication.
Re: (Score:2)
I activated the SIM with a prepaid Mastercard (which are generally available to anyone of any age)
Buying a prepaid SIM with a prepaid Mastercard is likely to land you on a FinCEN watchlist. Seriously though, how many kids do you know that would be able to figure out and navigate this process to get their own cellphone, let alone have the cash? In the real world, minors are thousands of times more likely to borrow a parent's phone whose account is owned and managed by the parent.
Re: (Score:2)
Buying a prepaid SIM with a prepaid Mastercard is likely to land you on a FinCEN watchlist.
Cool. I'm not sure how, since they don't have any information on me, but whatever you say.
Seriously though, how many kids do you know that would be able to figure out and navigate this process to get their own cellphone, let alone have the cash?
You know I could have easily activated my plan with cash when I purchased the SIM card at the T-Mobile store. The only reason I did it over the phone was because I wanted some time to research all of their plans to find the best one for me.
In the real world, minors are thousands of times more likely to borrow a parent's phone whose account is owned and managed by the parent.
Not from what I've seen. Most of the kids around here have their own phones.
Re:Truecaller (Score:4, Insightful)
It's none of their business where you store your contact list. If they trusted you with your phone number; it is your choice what phone and/or what service provider(s) to use.
What a perfectly selfish attitude. The point is they trusted you with the number and you turned around and gave it to a company without asking if it was ok. I would call that a breach of trust.
Re: (Score:2)
you have betrayed them and deserve to have your face smashed in for it.
They have done no such thing, and this is how you wind up in the insane asylum or prison.
There may be an etiquette violation if a friend submits your e-mail address or phone to a 3rd party who then spams you, but that's about it.
As for storing your contacts in a 3rd party cloud with a provider who is allowed to process the data, If you don't do it, then you can bet a half dozen others Are doing it.
Helll.... Most people use Faceb
Re: (Score:3)
It's a phone number. It's about the most publicly trustworthy piece of information you can give out. There was a time where simply having one would result in it being printed in a giant book which got delivered to *everyone*.
Re: (Score:2)
These days you CANNOT help but to do that, period. If you put the contact in your Outlook address book, it's going to the Microsoft cloud, and now you've sent it to Microsoft, and Microsoft's EULA allows them to do whatever they want with it. If you put the contact in your iPhone, it's going to sync to iCloud, and now Apple has it, and if you put the contact in your Android phone,
Google will now have it. So WTF are we worried about an Anti-Spam/Anti-Telemarketing service having
Re: (Score:2)
But I just tapped the option to skip that. You don't have to enter one. Seriously, I have never had a Google account, ever.
Which does nothing to prevent Google from gathering data about your contacts, it only means you can't take advantage of convenience features such as syncing your devices together.
Re: (Score:2)
The answer is absolutely yes. It is really convenient by the way.... You can enter your contacts on your computer; Name, Email address, Phone number, Or just import them, AND your new contacts will automatically appear on your phone and vice-versa.
Re:Truecaller (Score:5, Insightful)
There's a spectrum of acceptability here. I was* okay with Google knowing my contacts because it's clearly necessary in order to (for example) make Gmail or Google Voice work properly. However, I'm not okay with LinkedIn exfiltrating my entire address book just because I installed their Android app (because my entire list of contacts is absolutely not either required nor desired in order to use LinkedIn). This Truecaller app is even worse than that.
(* This was before they started tying everything to everything else such that contact info now shows up in Google Maps and whatnot. Now I'm in the process of ditching Google entirely.)
Re: (Score:3)
Man are they going to be pissed when they hear about phonebooks. These privacy invading tools used to be delivered to door steps and told everyone else how they could contact you. Just imagine. Society itself would break down.
Re: (Score:2)
As opposed to the original Default default App which uploads all your registered contacts to Google?
Your privacy concerns (Score:1)
went out the window when you decided to buy a phone whose operating system was designed by an advertising company.
Re: (Score:1)
Maybe they just changed the icon as part of the upgrade and this douche suddenly noticed it?
Nope, not the 'this douche' you refer to here...quite another douche, with a couple of douchelicious observations.
Truecaller was available as an option before the upgrade, but then this upgrade replaced the default dialler with truecaller, on a non-rooted phone there isn't an obvious app marked Truecaller to be removed/replaced.
The thing that is mostly annoying me, before installing the update I did a cursory sweep of the forums for any potential 'Gotchas' , on one of them some wonk from Wileyfox muttered s
Re:Cyanogen had truecaller for years... (Score:4, Interesting)
Facebook works by having each account defined as a hierarchical tree of information for each person; comments, photographs, links, account image. These are updated by making HTTP/HTTPS transactions to graph.facebook.com and other servers. I often find applications connecting to facebook to check for updates and goodness knows what else.
Dis-information.. (Score:2)
So, it would be interesting to see how far wrong you can go with crowdsourcing this sort of information. Get a new phone, new number, enter your own detail as mis-information, wrong name, nickname, bogus details..see how far, or how long that gets spread around.
Re: (Score:2)
Two outcomes here:
- You spread it around far and wide until people recognize you as this "wrong" name. It is now essentially an identity of yours, in the same way that "lionchild" is an identity of yours, even if its not the real name as given on your birth certificate or drivers license. If people can identify you by a given piece of name (or other information,) then that name is pretty much by definition one of your identities, even if you don't want it to be.
- You don't spread it very far. In which ca
There's no privacy in this world any longer (Score:5, Informative)
So even if you've never used the service, your name and number could be on Truecaller's database, thanks to someone else who's saved your contact details and allowed the app to access them.
It's not about only Truecaller. Even if you own a dumb phone, your friends have at least one instant messenger (WhatsApp, FB Messenger, Viber, LINE, Telegram, Skype, etc. etc. etc.) installed which knows your name, and in certain cases your home address and other data (your friends might have added your personal data to their address book).
If you want to remain private in this world, you cannot own a phone number at all.
Re: (Score:2)
Some people prefer to be ex-directory. It reduces the chance of being cold-called by sales people.
Re: (Score:2)
Heh. That just brought to mind a potentially very nefarious purpose for this tech. When a salesdrone or scammer or whoever calls that's paid Truecaller the monies, they push one of your friends' names instead of the real caller's identity. They must be checking their servers for at least each new unidentified caller, if not for every caller (and just recheck the id every time) so there's nothing stopping them from pushing whatever random BS they feel like if they decide to be underhanded about it in orde
Re: (Score:1)
Phone number? You must be referring to the UUII (universal uniform integrated identifier).
I hear the new generation will be blood powered and built in.
Re: (Score:2)
More like you need to be off the grid. No Internet, phones, snail mails, credit cards, etc.
Re: (Score:2)
How is it any different to email? If you have an email address, you can bet that multiple email services know your email address and name.
You can't stop information like that from getting out. What you do is get the law changed so that companies can't abuse it.
Re: (Score:2)
The irony is that you're talking as if this hasn't been a thing for 100 years:
https://kingydesignhistory2012... [wordpress.com]
Good post MsMash (Score:2)
So, other suggestions for a spam blocker? (Score:3)
I receive a lot of phone spam. I don't want to have to be interrupted each time I receive a call to answer it and figure out what it is. Without crowdsourcing, how is any of this going to work?
Re: (Score:2)
Re: (Score:2)
Phone spam should probably be nipped at the bud with transnational level coordination and deterrents. I'd imagine VOIP providers are part of the problem and they should be part of the solution as well.
Other technical solutions could involve initially higher call charges (credited to the receiver) until a call is accepted; e.g. it lasts a certain length of time implying acceptance and regular charging is applied, or requiring the caller with unknown and unregistered number to pass a voice captcha.
The crowdso
TOS wouldn't fly in most jurisdictions (Score:3, Insightful)
That's a pretty darn weak fig leaf. In most legal jurisdictions, a third party can't make a legally binding commitment on my behalf merely by asserting that they told me about it and I was OK with it.
I suppose the intent is to try to shift liability in the event someone sues them. "Sure, we collected your data, but Bob gave it to us and told us you were OK with it. So take it up with Bob!" I am dubious that they would succeed with such an argument, but I guess maybe it's slightly better than nothing?
Root the device, remove the App from the System. (Score:3)
Root the device, remove the App from the System Partition.
I have my Phone such that my Instant messenger Protocols connect to an ejabberd server running Spectrum 2. Spectrum 2 then connects to AIM/YIM/Skype (well, not FaceBook because I don't use FaceBook, and I am proud o fthat. but there is a FaceBook Module.) or whatever other IM Medium I like. To the unobservant person, it just looks like I am chatting via my home Internet connection.
Truecaller's permission requirements, WTF? (Score:5, Informative)
This app has access to:
In-app purchases
Identity
- find accounts on the device
- add or remove accounts
- read your own contact card
Calendar
- read calendar events plus confidential information
Contacts
- find accounts on the device
- read your contacts
- modify your contacts
Location
- approximate location (network-based)
- precise location (GPS and network-based)
SMS
- read your text messages (SMS or MMS)
- receive text messages (MMS)
- receive text messages (SMS)
- send SMS messages
- edit your text messages (SMS or MMS)
Phone
- directly call phone numbers
- directly call any phone numbers
- modify phone state
- reroute outgoing calls
- read call log
- read phone status and identity
- write call log
- add voicemail
Photos/Media/Files
- read the contents of your USB storage
- modify or delete the contents of your USB storage
Storage
- read the contents of your USB storage
- modify or delete the contents of your USB storage
Microphone
- record audio
Wi-Fi connection information
- view Wi-Fi connections
Device ID & call information
- read phone status and identity
Other
- use any media decoder for playback
- bind to a notification listener service
- download files without notification
- MMS Wakeup
- read voicemail
- write voicemails
- receive data from Internet
- view network connections
- create accounts and set passwords
- change network connectivity
- disable your screen lock
- full network access
- change your audio settings
- control Near Field Communication
- run at startup
- draw over other apps
- use accounts on the device
- control vibration
- prevent device from sleeping
- modify system settings
- install shortcuts
- uninstall shortcuts
Re: (Score:1)
I have a Wileyfox Swift running 7.1.1, and my Trucaller app has permission to access:
Contacts (needed to phone people in my contact list),
Microphone (I might be able to make calls without this, but only very quiet ones),
SMS (for sending messages),
Telephone (for sending calls).
It also requested (but was not given) access to:
Calendar, Location and Storage.
And it works just fine.
Two problems here (Score:3)
There are two problems with this:
1) I put you in my phone's contact list as "Total Moron, don't answer this." That's why nobody is answering your calls any more.
2) Wouldn't you expect a product named "Wiley Fox Swift" to pull fast one on you? It could not have been more obvious if they had named it "The GonnaStealYourPersonalData 1000"
You may like to read: (Score:2)
You may like to read:
World Reacts To The Worst Mass Shooting In U.S. History
Fuck's sake, Slashdot - don't leave year-old stories like this lying around.
Ditch the "smart" phone (Score:4, Interesting)
How many times must these devices betray you before you just go back to remembering things like you used to? Every week with some new mobile phone disaster is sure getting old.
MY whole family ditched our smartphones over 2 years ago. A mobile phone IS required for select things, over the course of maybe a week each... maybe twice a year. I buy a dumb burner phone with $3.00 worth of prepaid sim card when I MUST have one, I share the number with only the contacts that must have it, and store nothing in the address book. As soon as that's over it goes in the trash. I can summon emergency services online from any internet connection.
It's just not worth it, it's to invasive, and it's always listening. It costs way to much, It's designed from the damn ground up to sell you shit you don't need, it's terribly insecure, and worst of all, it is designed to be replaced within.. what... 2 years for another $1000? GTFO.
My personal data, contacts, whereabouts, shopping habits, political affiliation, favorite color, sexual preference, and whatever else they've begun to collect over the past few years are worth so much more to me (and them) than access to some shitty app-store full info stealing novelties and shitty flash games. My privacy and personal data trumps the convenience that comes with carrying somebody else's computer in my pocket. What a fucking terrible deal, and we pay for the pleasure.
My employer don't like it, I told them I'd carry a phone if they foot the bill. Off the clock means off the clock, and on call means on call.
People look at me funny, (or just don't believe me) when I say I don't have a phone number. I look at them funny when they fall over the curb looking for fucking pokemon.
Everybody around me is so in love with the screen that all I need to do is muse out loud, "I wonder that the answer to this question is?" and everybody falls all over themselves racing to google it, to justify the $1000 shitty gaming platform in their pockets, and show off expensive status symbol. Boy. The guy who answers first sure is a cool cat.
It's pretty disturbing after a while, once you break away from the thing yourself, seeing the way mobile phones consume the people around you. Waiting rooms absolutely disgust me now, and long lines for anything are 10x more terrible than they used to be.
There was a time, not that long ago, when people actually put in the effort to learn things.
I'm rambling now. Just do yourself a favor, ditch the smart-phone, it's making you dumber.
Re: (Score:2)
Bullshit.
The amount of factoids accumulated in my brain due to googling everything is greater than ever before! ;)
Seriously, though, I don't want to give up my smartphone. There's a lot of waiting to be done on a normal day (you mentioned some examples) and I really see no difference in reading an article that doesn't really interest me in a magazine and browsing 9gag.
It's a way to pass time. Don't tell me you always keep something "new to learn" handy whenever you stand in line somewhere or are waiting for
Re: (Score:2)
There was a time, not that long ago, when people actually put in the effort to learn things.
I'm rambling now. Just do yourself a favor, ditch the smart-phone, it's making you dumber.
We still do learn things. We just don't learn pointless things that can be stored somewhere it is always accessible.
But given the content of your post, may I be able to interest you in a family pack of tinfoil?
Best spoofing suggestion? (Score:1)