National

Truecaller bug sparks fears of hacking

Dilip Asbe

Dilip Asbe  

more-in

Users signed up for UPI account

Several Android phone users, who have installed the Truecaller app, were in for a shock on Tuesday when they received text messages saying their registration for the Unified Payment Interface (UPI) app has started, and their bank account was linked to ICICI Bank’s portal for UPI transactions.

Truecaller, a user generated content app that stores registration details of telephone numbers in its database, has a feature named Truecaller Pay, which offers UPI-based transactions like any other payment application. The incident occurred when the app was updated.

The users reported the issue after updating their Android app to the latest Truecaller version 10.41.6.

Affected users received an SMS from ICICI Bank — starting from late Monday evening till early Tuesday morning — that said: “Your registration for UPI app has started. If it was not you, report now to your bank. Do not share card details/OTP/CVV with anyone to avoid financial loss.”

However, only a fraction of Android users were affected as Truecaller terminated the update after receiving feedback on social media and rectified the application for users affected by the problem. Truecaller has over 100 million active users in India.

“We have discovered a bug in the latest update of Truecaller that affected the payments feature, which automatically triggered a registration post updating to the version. This was a bug and we have discontinued this version of the app so no other users will be affected,” Truecaller said in a statement later on Tuesday.

“We're sorry about this version not passing our quality standards. We've taken quick steps to fix the issue, and already rolled out a fix in a new version,” the statement said.

Following the bug, Dilip Asbe, MD & CEO of National Payments Corporation of India (NPCI) clarified, “This is an enrolling mistake by the app without customer consent. However, the customer can’t do any UPI transaction with this. For onboarding to UPI, the customer has to still enter issuer OTP and debit card and set UPI pin. The workflow mistake is limited to enrolling which will not have any impact on any customer account whatsoever.”

Why you should pay for quality journalism - Click to know more

Related Topics National
Recommended for you
This article is closed for comments.
Please Email the Editor

Printable version | Dec 12, 2019 7:02:18 PM | https://www.thehindu.com/news/national/truecaller-bug-sparks-fears-of-hacking/article28764673.ece

Next Story