Tech.co logo

Robocall Blocking Apps Found to Share Data

August 12, 2019

6:54 pm

In today's internet-driven world, the act of calling someone up on the phone is going extinct.

The rise of texting and message apps are a big reason behind the falling popularity the traditional phone call, but robocalls seem intent on hammering the final nail in the coffin. Thanks to the robocalling tech that lets spammers reach a thousand phone numbers within a few seconds, scam calls have never been higher: They leapt from constituting 3.7% of all US mobile calls in 2017 to making up 44.6% of them in 2018.

We're waiting on robocall regulation from the government, but for those not holding their breath, there's just one solution to the robocall apocalypse: dedicated blocking apps. Now, a new report shows, even those apps might represent a privacy violation.

What was Uncovered?

The news comes from senior security consultant at the cybersecurity firm NCC Group, Dan Hastings, who took a dive into the most popular anti-robocall apps. He found plenty of basic and obvious privacy violations.

The most common: Anti-robocall apps often monetized their service by sending user or device data to third-party companies for a profit.

Not only does the practice happen without users' explicit consent, but in some cases, there's no consent at all: Hastings found, TechCrunch reports, that the TrapCall app sent user phone numbers to the analytics company AppsFlyer despite never informing users as much in its privacy policy or the app itself.

Two other apps, Truecaller and Hiya, both upload device information including type, model, and software version, before users have even accepted their privacy policies. It's a violation of Apple's app guidelines, Hasting notes.

“Without having a technical background, most end users aren’t able to evaluate what data is actually being collected and sent to third parties,” Hastings tells TechCrunch. “Privacy policies are the only way that a non-technical user can evaluate what data is collected about them while using an app.”

Ultimately, these anti-robocall apps are an example of how even the tech that ostensibly protects us from internet spam can be suspect. And when the typical user can't trust a privacy policy, they don't have any protection.

How the App Developers Responded

Several of the apps named above have responded to Hastings' callout.

A Truecaller spokesperson has confirmed that the app sent data as Hastings claimed, but says they have submitted a fix that now prevents it, adding that they “comply to Apple guidelines.”

Hiya also confirmed their app sends device data when opened, but says it doesn't collect personal information. Their statement: “We are currently working on strengthening our privacy even further by re-submitting our apps so that even this basic device information is not shared prior to explicit consent by the user.”

Tech culture runs on monetizing user data, and it's not going to change by itself. For his part, Hastings has broken down the three most needed changes:

“First,” he wrote in a Fast Company article, “privacy policies should not only become more transparent and user-friendly, but they should also actually protect the user. Second, apps must clearly describe the level of user information that is being collected when the app is viewed for the first time. Third, users should be able to opt-out of specific provisions of the privacy policy, just as they can partially accept permissions (GPS location, accessing contacts, etc.). Otherwise, privacy policies only serve to check the requirements box. They really don’t protect the user.”

How to Download Apps Safely

As this news indicates, there's no way to be one hundred percent sure that an app isn't selling your data on the side, even when it's in violation of Apple's data regulations.

So how can you stay safe? Here are the best practices.

  • Use trusted recommendations only — Don't download the first search result, even if it looks legit. Instead, try adding terms like “review” or “scam” to the end of your search, and only click on a trustworthy outlet to see what their critique recommends.
  • Ditch installers and download managers — Popular download sites like Download.cnet.com often offer their own installers or download managers. While they potentially make it easier to download safe apps, they often come packed with bloatware that'll serve you extra advertisements. You're better off avoiding them entirely.
  • Pay for it — Any app company needs to earn a living, and if you're not paying for an app with your money, you're likely paying with your data. Opting for a subscription to a useful app like a VPN provider or an ad blocker might keep your private data a little more private.

Finally, if possible, you might want to consider putting down the phone for a few hours to decompress. I know, I sound like your grandma. But, amid growing fears of privacy violations, it really is the latest trend.

Read more of the latest tech news on Tech.co

Did you like this article?

Get more delivered to your inbox just like it!

Sorry about that. Try these articles instead!

Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for the last decade. He's also a Forbes Contributor on the publishing industry (and Digital Book World 2018 award finalist) and has appeared in publications including Popular Mechanics and IDG Connect. When not glued to TechMeme, he loves obsessing over 1970s sci-fi art.