3 billion phone numbers with identities exposed by "Caller Blocking" apps

Release Date: 23 Nov 2016 3110 Views

An investigation by the FactWire News Agency found that three mobile apps with the “ Caller Blocking ” feature are collecting and integrating users’ phone address books into a publicly available database, which contains around 3 billion phone numbers with identities. The database contains the numbers of government officials, legislators, people in business, media, entertainment sectors, as well as the general public of the Hong Kong. It has aroused much public concern.

 

The mobile apps involved include CM Security, Truecaller and Sync.ME. All three apps are available for download for free in the Google Play stores of the Android and Apple store of the iOS systems. The “Reverse Look-up” feature of the three apps allows users to trace the name of the number holder. When a telephone number is input into each app, the app will run a search in the billions of identified numbers in its database to trace the name of the number holder. Each app displays the name even when the holder is not a registered user and has not authorized the app to make his or her personal information available for search. It also noted that the names in the database were not in a fixed format and were occasionally listed under nicknames, suggesting they came from users' address books. Meanwhile Sync.ME also contained information on users' social media profiles.

 

The Privacy Commissioner has issued a press release to raise the public awareness of personal data protection:

Link: https://www.pcpd.org.hk/english/news_events/media_statements/press_20161120.html

 

HKCERT recommends users to pay attention to the purpose of data collection and read carefully on Personal Information Collection Statement during the installation of mobile apps. Besides, users should check if any information on the mobile device will be shared or uploaded. If users have doubts about any mobile apps, please remove the apps to reduce the risk of information leakage.

 

If your information have been unfortunately leaked, you may follow the following procedure to remove related information.

 

Sync.ME URL:https://sync.me/optout/

  1. Enter the name, email and phone number
  2. Tick the box next to “ I'm not a robot ”
  3. Press「 Submit 」

 

Truecaller URL: https://www.truecaller.com/unlist

  1. Enter the phone number ( Postal code is needed: e.g. Hong Kong +852 )
  2. Tick the box next to “ I'm not a robot ”
  3. Press「 Unlist 」

 

 

Share with

Previous

Favourite Security Reads of the Week (18 Nov 2016)

18 Nov 2016 1193 Views

Next

Favourite Security Reads of the Week (25 Nov 2016)

25 Nov 2016 1373 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY