There are a number of popular Android caller ID apps that promise to show you who’s calling before you pick up the phone. Turns out, however, those apps may not be such a good idea — a number of them have been systematically uploading users’ name, phone number, and even social media platforms to online databases where they can be seen by anyone, according to the Hong Kong Free Press.
Three of the major apps — Truecaller, Sync.ME, and Cheetah Mobile’s CM Security — have apparently been hacked, according to the Hong Kong Free Press. All of those apps are available as free downloads from the Google Play Store.
All three of the apps basically include a feature that lets users see who is calling them, even if the user doesn’t have the caller in their address book. To use this feature, the apps basically have to collect users’ information, which helps the app match an unknown number to a name when that number shows up in a call. Some of the names in the databases were listed as nicknames, which suggests that they came from users’ address books.
In an interview with IBTimes UK, TrueCaller said users can’t get a phone number from the service unless the owner of the number gives permission, and both Truecaller and Sync.ME let users opt out of sharing their contact information. CM Security doesn’t seem to also let users opt out. Cheetah Mobile, however, says that it has disabled the reverse look-up feature in CM Security to prevent any more phone numbers from being uploaded.