Dan Hastings, a senior security consultant at the cybersecurity firm NCC Group, analysed some of the most popular robocall-blocking apps, including Hiya, TrapCall and Truecaller.
It was found that many of the apps have been sharing user and/or device data to third-party analytics companies, without gaining explicit consent.
In a statement:
“TrapCall only shares phone numbers with service providers who power our internal analytics and app messaging platforms. Additionally, service providers are prohibited from using TrapCall data for their own or any other purpose.”
With Android devices, Hiya requests access for location data, which has no relation with blocking phone calls. The company have stated that the reason why location data is requested is so people can find businesses nearby more easily.
Hiya have addressed the concerns and will be re-submitting its apps to the iOS and Play stores.
“Privacy policies are great, but apps need to get better about abiding by them,” said Hastings.
“If most people took the time to read and try to understand privacy policies for all the apps they use (and are able to understand them!), they might be surprised to see how much these apps collect,” he said. “Until that day, end-users will have to rely on security researchers performing manual deep dives into how apps handle their private information in practice.”
Article originally published on PrivSec:Report
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.