Truecaller bug sparks fears of hacking

Users signed up for UPI account

July 31, 2019 01:48 am | Updated 01:48 am IST - Mumbai

Dilip Asbe

Dilip Asbe

Several Android phone users, who have installed the Truecaller app, were in for a shock on Tuesday when they received text messages saying their registration for the Unified Payment Interface (UPI) app has started, and their bank account was linked to ICICI Bank’s portal for UPI transactions.

Truecaller, a user generated content app that stores registration details of telephone numbers in its database, has a feature named Truecaller Pay, which offers UPI-based transactions like any other payment application. The incident occurred when the app was updated.

The users reported the issue after updating their Android app to the latest Truecaller version 10.41.6.

Affected users received an SMS from ICICI Bank — starting from late Monday evening till early Tuesday morning — that said: “Your registration for UPI app has started. If it was not you, report now to your bank. Do not share card details/OTP/CVV with anyone to avoid financial loss.”

However, only a fraction of Android users were affected as Truecaller terminated the update after receiving feedback on social media and rectified the application for users affected by the problem. Truecaller has over 100 million active users in India.

“We have discovered a bug in the latest update of Truecaller that affected the payments feature, which automatically triggered a registration post updating to the version. This was a bug and we have discontinued this version of the app so no other users will be affected,” Truecaller said in a statement later on Tuesday.

“We're sorry about this version not passing our quality standards. We've taken quick steps to fix the issue, and already rolled out a fix in a new version,” the statement said.

Following the bug, Dilip Asbe, MD & CEO of National Payments Corporation of India (NPCI) clarified, “This is an enrolling mistake by the app without customer consent. However, the customer can’t do any UPI transaction with this. For onboarding to UPI, the customer has to still enter issuer OTP and debit card and set UPI pin. The workflow mistake is limited to enrolling which will not have any impact on any customer account whatsoever.”

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.