Robocall Blocking Apps Caught Sending Your Private Data Without Permission (techcrunch.com)
Robocall-blocking apps promise to rid your life of spoofed and spam phone calls. But are they as trustworthy as they claim to be? From a report: One security researcher said many of these apps can violate your privacy as soon as they are opened. Dan Hastings, a senior security consultant at cybersecurity firm NCC Group, analyzed some of the most popular robocall-blocking apps -- including TrapCall, Truecaller, and Hiya -- and found egregious privacy violations. [...] Many of these apps, said Hastings, send user or device data to third-party data analytics companies -- often to monetize your information -- without your explicit consent, instead burying the details in their privacy policies. One app, TrapCall, sent users' phone numbers to a third-party analytics firm, AppsFlyer, without telling users -- either in the app or in the privacy policy. He also found Truecaller and Hiya uploaded device data -- device type, model and software version, among other things -- before a user could accept their privacy policies.
Similar apps (Score:1)
Re: (Score:3)
Drop your pants, bend over, and grab your ankles. It really doesn't matter which way you point your ass now. Someone is going to fuck you over.
Re: (Score:2)
Yes, I wished they would have listed some white-list choices. I use something called Call Control for Android. It seems pretty good, it works very well and blocks calls without even 1 ring if targeted.
I tried 5 or 6 different ones and almost all of them fucked off and stopped blocking calls after a day or two. I don't know if they were compromised, or just poorly written, or they somehow timed out or some crap like that, but somehow they started leaking the spam calls through eventually. So far, Call Con
Why do we let them do this? (Score:5, Insightful)
Our mobile operating systems let apps get far too much data from our phones with minimal or no interaction for permissions. Why do these inbound call blocking apps even need to know my phone number?
It's been the same problem for over a decade now and there is no fix from the Android team.
The permissions should be detailed, down to the individual data elements, so that when I install or launch an app I can see that "This app can see your phone number", "This app can see your IMEI", "This app can see your email address", not "This app needs to control your phone". And for any of these, the OS should allow me to deny or spoof them. The stock OS.
Re: (Score:2)
Our mobile operating systems let apps get far too much data from our phones with minimal or no interaction for permissions.
Isn't it obvious why? Android is maintained by Google, which makes all its money by collecting data about you.
Re: (Score:2)
Which should be the killer argument in favor of iOS and Apple, yet many geeks use Android because .... reasons.
Because people aren't taught to value SW freedom (Score:2)
I don't let them do that, but I imagine that others do because they don't know much about how computers work, and haven't been taught about the power of proprietary software. Most people's education about computers runs to valuing convenience over everything else and that leaves them ripe for being exploited as you see in this case and as can be shown in so many other cases involving proprietary software [gnu.org]. Apparently proprietary software is often malware. The solution is to teach p
Re: Because people aren't taught to value SW freed (Score:1)
Because the 10% have to accept what the 90% will accept because there is no company that caters to the top tenth most discerning customers.
No matter how principled we are, the only choices we get are what the masses will readily buy. This is why fanboyism generally hurts everyone while holding technology back. When enough people accept lower standards, those lower standards become the norm.
I hate the way both Android and iOS abuse their customers relentlessly, but I have
Re: Because people aren't taught to value SW free (Score:1)
Part of me gets it, fuck Apple and make them get rid of their fancy quote shit, but how many years is it now? Yeah, yeah, fuck the world throw up a finger, but when you're done, do you think you can fix this shit already and just make life a little bit more pleasant for some of your users?
Re: Big fucking deal (Score:1)
Outrage? What outrage? (Score:3, Informative)
Way overreacting for most of that (Score:3)
How is sending device data like the model of your phone "egregious"??? It's not bad that a company knows the makeup of phones of users so it can tailor its development... like for instance making sure older models work well if it finds a lot of users have them.
I was worried about this with all of the uproar over privacy, that we'd all start to confuse actually egregious violations (which sending phone numbers clearly is, though only one of the apps was doing that) vs apps that merely collect innocuous things like device model info, and sure enough here it is.
They claim in the article that apps have to get permission before sending data to third parties, which is correct - but Truecaller and Hiya are not doing that, they are sending that data to THEMSELVES. A third party would mean some other company besides themselves.
I sure would be wary about an app like TrapCall that sends phone numbers up though... even there I wonder what they are sending. Contact numbers, or just the user's own phone number? Even there they should really use a generated ID or hash value from the phone number though.
Re: (Score:3)
Re: (Score:2)
All this data is used to fingerprint and track you across the web.
Some of it can be, but I know a lot of companies that collect device model info and all of them use it only for internal analytics to understand what devices the customers they have are using.
That's what I mean about us all being way too sensitive about collecting even harmless data that companies simply use because it helps them, and does not harm the consumer in any way.
Re: (Score:1)
How is it not? The purpose of the app doesn't require it
Not directly but some of that information can be used to help drive development in useful directions (like support and extended testing for devices they did not expect or think about).
Not all analytics is harmful, if the company is just using them internally.
Is egregious worse than illegal or the other way around?
I would honestly say that egregious is worse than illegal because to me it describes a very large breach of trust that may technically be leg
Get what you pay for (Score:3)
I wonder if nomorobo and RoboKiller do this.
Free = illusion
NoMoRobo is not free (Score:1)
I use nomorobo (and Hiya purely for the prefix blocking), none of them are free.
I would indeed be concerned about a "free" blocker.
Re: (Score:2)
NoMoRobo is not free (Score:1)
Never said it is. What my post was attempting to say is that Nomorobo and Robokiller are paid, and as such they are less likely to have to monetize their customers beyond already lightening their wallets every month.
FWIW I use robokiller. Not certain it works perfectly all the time, I still get calls that are not identified and don't show up in robokiller's Recents tab.
Re: (Score:1)
What my post was attempting to say is that Nomorobo and Robokiller are paid, and as such they are less likely to have to monetize their customers
Oh yeah, good point - sorry I misunderstood!
Krusty Pregnancy Test (Score:1)
May cause birth defects!
Tasker on Android FTW (Score:2)
Step 1: Buy Tasker because it's awesome and doesn't steal your data.
Step 2: Make a Profile in Tasker for incoming calls with !C:ANY and Hang-up as the Task. (Hang up if the caller is not in my contacts)
Step 3: Enjoy receiving calls that only come from your contacts while all others immediately go to VM.
I am shocked! (Score:2)
Your Own Fault For Using Google Play (Score:1)
Why are you downloading unsafe apps from the Play Store? Download your apps from F-Droid [f-droid.org]. Blacklist Blocker contains no spyware.
Are robocall-blocking apps as trustworthy as they claim to be?
Only one way to find out. Check the source [github.com]
If a company is producing a free app, (Score:2)
If a company is producing a free app, how in the world do you think they stay in business without selling some amount of your data? The only question is how much data they are selling.
Re: If a company is producing a free app, (Score:1)
Re: If a company is producing a free app, (Score:1)
It's high time for a GNU/Linux smartphone (Score:2)