Do you hate robocalls enough to let an app give your data to third parties in exchange for blocking the spam? Researchers found that’s exactly what’s happening to millions of people using the most popular robocall-blocking apps.
Robocalls have become an epidemic, as lawmakers and phone carriers seek to stomp out the massive number of spam calls sent per day. A study found that there were 26.3 billion robocalls made in the US in 2018, and it’s the No. 1 source of complaints to the Federal Communications Commission and Federal Trade Commission.
Hastings found that a majority of them were collecting personal data on people’s devices without their explicit consent and sharing it with analytics firms.
“If most people took the time to read and try to understand privacy policies for all the apps they use (and are able to understand them!), they might be surprised to see how much these apps collect,” the researcher said in a statement.
Hastings is presenting his findings at Defcon’s Crypto & Privacy Village on Sunday.
While robocalls are the top consumer complaint to the FTC and the FCC, privacy is also a major concern for the agencies. The FTC levied a record $5 billion fine on Facebook for the social network’s privacy violations, and people are becoming more aware of all the ways tech giants siphon personal data.
Free apps that provide one solution can turn out to be creating another problem for people’s privacy, like when an innocuous-seeming weather app turns out to be selling your location data. Robocall blocking apps are no different, Hastings found.
These apps are sharing people’s phone numbers with data analytics firms, looking at your text messages and phone calls, and can learn what apps you have on your device, the researcher said.
“TrapCall only shares phone numbers with service providers who power our internal analytics and app messaging platforms. Additionally, service providers are prohibited from using TrapCall data for their own or any other purpose,” the company said in a statement.
In its permissions on Android, Hiya requests for access to photos, location data and web activity logs — features that have nothing to do with blocking phone calls. The company said that it requests for location data so that people can find nearby businesses more easily.
These three apps are among the top robocalling apps available. Together, they have more than 110 million installs on the Google Play Store alone.
“I can only hope that more transparency about exactly what data is being sent and where will be made more digestible and transparent for end users,” Hastings said. “Until that day comes, users will continue to have to read through privacy policies and hope researchers provide more insight into what various types of apps collect about them.”
Originally published at 7:00 a.m. PT.
Updated at 9:23 a.m. PT: To add response from Truecaller.
Uber CEO Dara Khosrowshahi spoke with CNBC’s David Faber and Jim Cramer on Friday about the company’s second-quarter results as it tries to recover from a rough start since its IPO and prove to investors that it can reach profitability. In the interview, Khosrowshahi called the company’s massive $5.2 billion loss in the second quarter...
Discord today announced it’s premiering its own internal livestreaming feature, appropriately titled Go Live. It’s essentially a very small video stream where a few friends can comment on your gameplay — but it sounds like a fun alternative to other livestreaming services. Go Live lets Discord users broadcast their gameplay over a voice chat channel...