Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Communications Security IT Technology

Robocall Blocking Apps Caught Sending Your Private Data Without Permission (techcrunch.com) 37

Posted by msmash from the privacy-woes dept.
Robocall-blocking apps promise to rid your life of spoofed and spam phone calls. But are they as trustworthy as they claim to be? From a report: One security researcher said many of these apps can violate your privacy as soon as they are opened. Dan Hastings, a senior security consultant cybersecurity firm NCC Group, analyzed some of the most popular robocall-blocking apps -- including TrapCall, Truecaller, and Hiya -- and found egregious privacy violations. [...] Many of these apps, said Hastings, send user or device data to third-party data analytics companies -- often to monetize your information -- without your explicit consent, instead burying the details in their privacy policies. One app, TrapCall, sent users' phone numbers to a third-party analytics firm, AppsFlyer, without telling users -- either in the app nor in the privacy policy. He also found Truecaller and Hiya uploaded device data -- device type, model and software version, among other things -- before a user could accept their privacy policies.
This discussion has been archived. No new comments can be posted.

Robocall Blocking Apps Caught Sending Your Private Data Without Permission More

Robocall Blocking Apps Caught Sending Your Private Data Without Permission

Comments Filter:
  • Were there any apps that didnâ(TM)t do this, though? I deleted Truecaller and would like to download a similar, but more trustworthy app.

    • Re: (Score:3)

      by jwhyche ( 6192 )

      Drop your pants, bend over, and grab your ankles. I really doesn't matter which way you point your ass now. Someone is going to fuck you over.

    • Yes, I wished they would have listed some white-list choices. I use something called Call Control for Android. It sees pretty good, it works very well and blocks calls without even 1 ring if targeted.

      I tried 5 or 6 different ones and almost all of them fucked off and stopped blocking calls after a day or two. I don't know if they were compromised, or just poorly written, or they somehow timed out or some crap like that, but somehow they started leaking the spam calls through eventually. So far, Call Con

  • Why do we let them do this? (Score:5, Insightful)

    by DigitAl56K ( 805623 ) on Friday August 09, 2019 @12:25PM (#59069542)

    Our mobile operating systems let apps get far too much data from our phones with minimal or no interaction for permissions. Why do these inbound call blocking apps even need to know my phone number?

    It's been the same problem for over a decade now and there is no fix from the Android team.

    The permissions should be detailed, down to the individual data elements, so that when I install or launch an app I can see that "This app can see your phone number", "This app can see your IEMI", "This app can see your email address", not "This app needs to control your phone". .. And for any of these, the OS should allow me to deny or spoof them. The stock OS.

    • Re: (Score:2)

      by sinij ( 911942 )

      Our mobile operating systems let apps get far too much data from our phones with minimal or no interaction for permissions.

      Isn't it obvious why? Android is maintained by Google that make all their money by collecting data about you.

      • Android is maintained by Google that make all their money by collecting data about you.

        Which should be the killer argument in favor of iOS and Apple, yet many geeks use Android because .... reasons.

    • Why do we let them do this?

      I don't let them do that, but I imagine that others do because they don't know much about how computers work, and haven't been taught about the power of proprietary software. Most people's education about computers runs to valuing convenience over everything else and that leaves them ripe for being exploited as you see in this case and as can be shown in so many other cases involving proprietary software [gnu.org]. Apparently proprietary software is often malware. The solution is to teach p

      • Why do we let them do this?

        Because the 10% have to accept what the 90% will accept because there is no company that caters to the top tenth most discerning customers.

        No matter how principled we are, the only choices we get are what the masses will readily buy. This is why fanboyism generally hurts everyone while holding technology back. When enough people accept lower standards, those lower standards become the norm.

        I hate the way both Android and iOS abuse their customers relentlessly, but I have

        • Slashdot, motherfuck seriously? I mean, yeah, I get it, Apple has fucked up apostropheâ(TM)s and some other douchbag quote stuff, but youâ(TM)re seriously just not dealing with them on principal?

          Part of me gets it, fuck Apple and make them get read of their fancy quote shit, but how many years is it now? Yeah, yeah, fuck the world throw up a finger, but when youâ(TM)re done, do you think you can fix this shit already and just make life a little bit more pleasant for some of your users?

  • Outrage? What outrage? (Score:3, Informative)

    by The Snazster ( 5236943 ) on Friday August 09, 2019 @12:27PM (#59069566)
    We post. And then we move on. This is why our politicians get away with so much, too.

  • Way overreacting for most of that (Score:3)

    by SuperKendall ( 25149 ) on Friday August 09, 2019 @12:34PM (#59069634)

    How is sending device data like the model of your phone "egregious"??? It's not bad that a company knows the makeup of phones of users so it can tailor it's development... like for instance making sure older models work well if it finds a lot of users have them.

    I was worried about this with all of the uproar over privacy, that we'd all start to confuse actually egregious violations (which sending phone numbers clearly is, though only one of the apps was doing that) vs apps that merely collect innocuous things like device model info, and sure enough here it is.

    They claim in the article that apps have to get permission before sending data to third parties, which is correct - but Truecaller and Hiya are not doing that, they are sending that data to THEMSELVES. A third party would mean some other company besides themselves.

    I sure would be wary about an app like TrapCall that sends phone numbers up though... even there I wonder what they are sending. Contact numbers, or just the users own phone number? Even there they should really use a generated ID or hash value from the phone number though.

    • Re: (Score:3)

      by sinij ( 911942 )
      All this data is used to fingerprint and track you across the web. Think of it not as "sending model of your phone", but as identifying your phone every time you visit a third-party web site.

      • All this data is used to fingerprint and track you across the web.

        Some of it can be, but I know a lot of companies that collect device model info and all of them use it only for inertial analytics to understand what devices the customers they have are using.

        That's what I mean about us all being way too sensitive about collecting even harmless data that companies simply use because it helps them, and does not harm the consumer in any way.

  • Get what you pay for (Score:3)

    by TigerPlish ( 174064 ) on Friday August 09, 2019 @12:47PM (#59069736)

    I wonder if nomorobo and RoboKiller do this.

    Free = illusion

    • I use nomorobo (and Hiya purely for the prefix blocking), none of them are free.

      I would indeed be concerned about a "free" blocker.

      • NoMoRobo is not free (Score:1)

        Never said it is. What my post was attempting to say is that Nomorobo and Robokiller are paid, and as such they are less likely to have to monetize their customers beyond already lightening their wallets every month.

        FWIW i use robokiller. Not certain it works perfectly all the time, I still get calls that are not identified and don't show up in robokiller's Recents tab.

        • What my post was attempting to say is that Nomorobo and Robokiller are paid, and as such they are less likely to have to monetize their customers

          Oh yeah, good point - sorry I misunderstood!

  • May cause birth defects!

  • Android only, but I send all calls that are not in my contacts directly to VM with Tasker.

    Step 1: Buy Tasker because it's awesome and doesn't steal your data.
    Step 2: Make a Profile in Tasker for incoming calls with !C:ANY and Hang-up as the Task. (Hang up if the caller is not in my contacts)
    Step 3: Enjoy receiving calls that only come from your contacts while all others immediately go to VM.
  • Shocked, I say!

  • Your Own Fault For Using Google Play (Score:1)

    by Anonymous Coward

    Why are you downloading unsafe apps from the Play Store? Download your apps from F-Droid [f-droid.org] Blacklist Blocker contains no spyware.

    Are robocall-blocking apps as trustworthy as they claim to be?

    Only one way to find out. Check the source [github.com]

  • If a company is producing a free app, how in the world do you think they stay in business without selling some amount of your data? The only question is how much data they are selling.

    • Its not just free apps. And free software that doesnâ(TM)t abuse you in large part powers the Internet. Millions of developers hours that were given for no pay whatsoever have given the world some of itâ(TM)s greatest software. It can be done. Mobile just seems to have attracted the type of developer that thinks they should be able to support themselves forever with a âHello Worldâ(TM) app. âDevelopers gotta eat!â(TM) they like to say, which implies, I imagine, that all o
    • 1% of apps have any use, the rest or rip offs and scams. Most of them shouldnâ(TM)t stay in business. Hundreds of billions of dollars was made writing software before developers one day decided they âoehadâ to pilfer all of your data in order to stay alive.
  • with concerned citizen developers watching closely what they do, buy a phone with just a basic Linux on it, then you can choose from any qualified Linux distro to install on it,

Slashdot Top Deals

Any circuit design must contain at least one part which is obsolete, two parts which are unobtainable, and three parts which are still under development.

Close