India accounts for more than half the registered user base of Truecaller’s reverse look-up service

Last week, Truecaller announced its first partnership with a social media network for Indian users only. The Sweden-based global crowdsourced directory said the partnership would allow its users to make connections with a person’s Twitter account. This connection will enable users to tweet to or directly follow a person through the Truecaller app, a move it claims will “lead to a more robust social experience for millions”.

This social integration is something that has drawn mixed responses from users and critics of the platform where users voluntarily submit their entire contact list — and access to much more — to the service provider.

While some like 22-year-old engineering student Nitesh Chakraborthy feel it has increased the “creepiness factor” of the service that he has been using for almost a year, and that it would be better as a standalone directory service, others feel that given the way cloud-based services function today, there’s hardly cause for alarm. These debates on privacy notwithstanding, Truecaller’s growth in India has been quite phenomenal.

22 million users

In an email interview with The Hindu, Alan Mamedi, CEO and co-founder of Truecaller, says that in the three years since its introduction in India, the service has been able to register 22 million users.

This accounts for more than 55 per cent of its users worldwide. No less than half the global weekly additions to the service (around 1 million) are from India.

“This is because in areas where there are large numbers of prepaid users, there is a need for a service that actually solves a problem. We find the emerging markets very exciting and we’ve realised the importance of our service in these markets...they literally represent the next billion users,” says Mr. Mamedi and added that while the service is available in 30 languages, there are plans to add Indian languages.

What is Truecaller?

For the uninitiated, Truecaller is a smartphone-based service that was founded in 2009 and introduced in India a year later. What it offers is very similar to what your good ol’ phone directories offer, but it stands that model on its head. While your old school phonebook perhaps sourced the inventory of listed numbers from various teleservice providers, Truecaller uses your phonebook. The reverse look-up service is crowdsourced, so if you sign up for the service it copies your entire contact list and stores it in its global database.

The tech works

Truecaller maintains that there is a lot of obfuscation on how exactly the service works. Mr. Mamedi explains that in the backend, the service calculates a users’ people graph within less than a second to make the search experience as accurate as possible. In fact, this is not very different from what Facebook or Whatsapp does.

“We do this with an advanced in-house technology which is based on various open source platforms. Truecaller uses your contact list to form your social graph. It creates a relevant Name Search and People You May Know function.”

Mr. Mamedi clarifies that the service only accesses the phone numbers in the contact list. Going by that logic, getting a reverse look-up service in exchange for your contact list appears to be a fair trade-off. But sceptics disagree that the trade-off is that simple.

Hacked in July

Warning bells were first sounded in July this year, when word got around that a hacker group, the Syrian Electronic Army, had broken into the Truecaller database. While the company acknowledge the hack, it was quick to put word out that only tokens — a unique lock for each user — were compromised and not actual lists. They also clarified that the database does not have any sensitive information such as passwords or credit card information. Mr. Mamedi insists that it was the website that was hacked and not the app, so though it was “unfortunate, information remained safe”.

Truecaller’s propaganda notwithstanding, users who have paid attention to the fine print — and some have installed the service anyway — will tell you there is enough in the ‘terms of service’ that users have to ‘accept’ before signing up to make one uncomfortable.

This reporter found that under the title ‘App permissions’ that is a prerequisite to the installation, the app asks for multiple access permissions: among these are access to storage, to disable your screen lock, modify or delete contents of your External SD card, read your text messages and social information, find accounts on the device, allow controlling of vibrations and preventing phone from sleeping and access to network communication.

These issues surrounding privacy and data ownership was flagged by Infosys co-founder S. Gopalakrishnan at a recent conference on ‘Legal issues pertaining to cloud computing’.

He pointed out that in exchange for a service, people have become comfortable with the idea of uploading entire contact lists, and more.

“People simply click ‘agree’ on these licence terms without as much as reading the fine print or worrying about the larger legal implications and risks. In the case of Truecaller, the fact that its database was compromised made people sit up and notice,” he said, advocating strict regulation in case of services where identifiable attributes of individuals are made part of a database.

‘Problematic’

Sarath M.S., a member of the Free Software Movement of Karnataka, says that this is problematic from the data privacy point of view. He raises the large question of data ownership and control, and points out that given it isn’t free software it is difficult for users — even tech-savvy ones like him — to find out what the app does with the data while on the mobile.

“The problem starts with the fact that the data is uploaded to their servers. Another issue is that such huge database (around 450GB) of centralised accurate private information is, in advertising terms, big money. So it gives immense power to the owners such data, which is the fundamental problem here.”

Mr. Sarath says that it is cause for concern that user in trying to make their tech lives convenient are casual about the security of their data and devices. "This is what services like Truecaller exploits.”