Truecaller Statement
Truecaller
Mar 10, 20226 min read
This is in response to the article about Truecaller posted on Rest of World and Caravan India.
Ms Rachna Khaira contacted us in January 2022 with several questions about Truecaller seeking inputs for a story. We have been supportive, honest, and forthcoming with all our responses. However, not much has been included from our responses and there are several inaccuracies in the article which we would like to highlight below.
In response, we would like to assure all Truecaller users that their data is safe. Truecaller does not sell user data. We care deeply about our users and their data, and would like to assure them that we securely handle their data and process it as per our Privacy Policy.
We have stringent security and governance measures in place and a strong DNA in the company to do what is best for our users, period. We're building great things that continue to have a positive impact on millions of people around the world. And we will continue on our mission to build trust in communication.
Excerpt from the article “They sent me another screenshot of a notification sent by Truecaller, which stated that my number was registered on WhatsApp.”
Truecaller's response: This refers to an Android API which exists for user convenience. It’s there so that other apps can call or request for WhatsApp to be opened. We do not actually know if a user is on WhatsApp or not, we simply show the WhatsApp button as a convenience for users. We know that people use Truecaller to communicate with unsaved numbers so we simply try to invoke WhatsApp and lead the user to that point - to initiate a conversation. This is a way for apps to link to each other - in no way does it share information. Literally any app developer can provide a button on their app to open WhatsApp the way we do.
Excerpt from the article: That we tap “free authentication of application-programming interfaces (APIs) and software development kits (SDKs) as a data source”
Truecaller's response: This is false. The main functionality of the SDK is to reduce friction in the sign up of an app by removing the ‘one-time password’ step. This is a convenience feature, built with user feedback, so that users can sign in to new services with a single tap. For developers, it offers a smoother onboarding of new users. The only thing they get is the verified name and phone number of the user.
Excerpt from the article: “If you want access to caller ID features and the app’s other functions, then you have to give up your contacts, so other users can access the same functions.”
Truecaller's response: This is not true. We stay committed to providing the best user experience and being transparent about monetisation. All of Truecaller’s core features (caller ID, spam blocking, SMS categorisation and SMS spam blocking) remain free and unrestricted. Ads on our platform are the largest contributor towards revenues.
Excerpt from the article: “In such cases (of pre-installs), most users have granted access to share the names, numbers, Google IDs, and email addresses of their contacts because a feature called “Enhanced Search” is auto-checked.”
Truecaller's response: This is factually incorrect - Enhanced Search is never auto-checked and is consent driven irrespective of where the app is downloaded from.
Excerpt from the article: “if someone has saved a spam phone number as “chor ka phone mat uthaiyo” — don’t pick up when this thief calls — it will be listed exactly like that in Truecaller’s database for global identification.”
Truecaller's response: While it is true that there could be numbers with long, irrelevant or descriptive terms, it is something that we are constantly correcting. Our teams are constantly blacklisting offensive words used as names or descriptors in our Caller ID Services. The source of this information is what we call the ‘After Call Screen’. At the end of every call, we allow our users to correct or assign a name to the number from whom they received the call. Sometimes, users get creative with their names and this is something we do not encourage.
Excerpt from the article: “your phone number — possibly with your professional identity — is ready to be viewed by the whole world.”
Truecaller's response: This is not true because you cannot input a name into Truecaller and get a number. You can only input a number and get a likely name associated with that number. This could be a spammer, scammer, harasser or someone that you do want to receive calls from.
Excerpt from the article: “The SDK enables user verification of unregistered customers by making a dropped call—triggered by the user number in the background to complete the verification flow. It should be noted here that, due to the lack of stringent privacy laws, this option is currently available only in India.”
Truecaller's response: This is not correct. In case the user is not a Truecaller user, he/she will have to manually enter their phone number in order to complete the onboarding process for a new service. Apart from India, the SDK is also available to developers and users globally. For instance, our own app Guardians can use the SDK to onboard users globally. Another example we can state is services like Jiji and Little Cabs in Kenya that also use the SDK.
Excerpt from the article: “In June 2020, an assistant manager with a national bank, who did not want to be named because they did not want to jeopardize their safety, moved to Bangladesh to join a partner employed with India’s diplomatic mission. Once they reached Bangladesh, the regular SMS feature on their device stopped working due to the service provider’s rules, the bank employee told The Caravan. However, the bank employee was still receiving SMS notifications, including one-time passwords for every online transaction, through the Truecaller app installed on their phone. They shared screenshots of some of these messages with The Caravan, featuring the logo of the national bank, their bank balance, and the last four digits of the account number on every message. This leads to the question of whether Truecaller has access to SMS content and is able to witness every “secret handshake” — OTP-based financial transactions — with a bank.”
Truecaller's response: This is incorrect. Truecaller never reads your SMS messages. Truecaller works like any other SMS application and only displays SMSes that are received on the mobile device via the network carrier. This is the only source for the SMS that is visible in the Truecaller application.
All SMS features such as the categoriser (automatic sorting of SMS under different heads), built in spam/scam protection, automatic reminders (for bill payments), smart cards (only useful information, presented in an easy-to-read format), inbox cleaner (automatic clean up of old OTPs and junk) and grouping of SMS with correct sender names & company logos - are all built using machine learning models that are designed to work on the user's device locally. All the processed information remains securely on your device and is not uploaded anywhere.
On background - you can read more about it in the article Can Truecaller read my messages?
Excerpt from the article: “Apart from tracking your calls, their duration, and your most and least favorite contacts, the Truecaller software can build your detailed financial profile, as it has access to your SMS [messages],” the former employee said. They confirmed that the company’s algorithm can read the content of text messages. “With a special feature called ‘SMS categorizer,’ the Truecaller software is able to recognize personal, high-priority [bank OTPs and transactions], and also spam messages of its registered user.” This ability, they added, could allow the app to send loan offers to people when their bank balance goes below a certain number. Truecaller already has a short-term loan offer up to 5 lakh rupees (around $6,600) for registered users without much paperwork. The company also has a financial partnership with firms such as WhizDM Innovations, which offers personal loans.
Truecaller's response: This is false - Truecaller is not interested in building or collecting financial profiles of its users. Truecaller exited the UPI and payments business in March 2021. It is true that Truecaller, at one point, offered digital loans through NBFC partners as a trial (based on consumer request). This option is not available anymore. Users interested in availing personal loans would have to agree to provide certain documents to the NBFC partners and explicitly agree to provide their phone number for purposes of a credit check. Truecaller did not have access to and nor did it store any of this information.
For more information, reach out to support@truecaller.com.
Truecaller
Mar 10, 20226 min read